diff --git a/.gitignore b/.gitignore
index eee5b09..5e4ac2c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/sssd-2.2.3.tar.gz
+SOURCES/sssd-2.3.0.tar.gz
diff --git a/.sssd.metadata b/.sssd.metadata
index 3fa9e18..1dea3e7 100644
--- a/.sssd.metadata
+++ b/.sssd.metadata
@@ -1 +1 @@
-c2b457f85586750f5b22bfedd4cbca5b6f8fdb88 SOURCES/sssd-2.2.3.tar.gz
+61b8704c33ea80104fa9d94017c704e333c3c552 SOURCES/sssd-2.3.0.tar.gz
diff --git a/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch b/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch
deleted file mode 100644
index 124b9be..0000000
--- a/SOURCES/0001-INI-sssctl-config-check-command-error-messages.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From b626651847e188e89a332b8ac4bfaaa5047e1b3d Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Tue, 10 Dec 2019 16:30:32 +0100
-Subject: [PATCH] INI: sssctl config-check command error messages
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In case of parsing error sssctl config-check command does not give
-proper error messages with line number. With this patch the error
-message is printed again.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/4129
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/util/sss_ini.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/util/sss_ini.c b/src/util/sss_ini.c
-index e3699805d..5d91602cd 100644
---- a/src/util/sss_ini.c
-+++ b/src/util/sss_ini.c
-@@ -865,6 +865,7 @@ int sss_ini_read_sssd_conf(struct sss_ini *self,
- 
-     ret = sss_ini_parse(self);
-     if (ret != EOK) {
-+        sss_ini_config_print_errors(self->error_list);
-         DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse configuration.\n");
-         return ERR_INI_PARSE_FAILED;
-     }
--- 
-2.20.1
-
diff --git a/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch b/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch
new file mode 100644
index 0000000..52ba2f4
--- /dev/null
+++ b/SOURCES/0001-ad_gpo_ndr.c-more-ndr-updates.patch
@@ -0,0 +1,114 @@
+From a7c755672cd277497da3df4714f6d9457b6ac5ae Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 28 May 2020 15:02:43 +0200
+Subject: [PATCH] ad_gpo_ndr.c: more ndr updates
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This patch add another update to the ndr code which was previously
+updated by commit c031adde4f532f39845a0efd78693600f1f8b2f4 and
+1fdd8fa2fded1985fbfc6aa67394eebcdbb6a2fc.
+
+As missing update in ndr_pull_security_ace() cased
+a failure in ad_gpo_parse_sd(). A unit-test for ad_gpo_parse_sd() was
+added to prevent similar issues in future.
+
+Resolves: https://github.com/SSSD/sssd/issues/5183
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_gpo_ndr.c  |  1 +
+ src/tests/cmocka/test_ad_gpo.c | 57 ++++++++++++++++++++++++++++++++++
+ 2 files changed, 58 insertions(+)
+
+diff --git a/src/providers/ad/ad_gpo_ndr.c b/src/providers/ad/ad_gpo_ndr.c
+index acd7b77c8..71d6d40f2 100644
+--- a/src/providers/ad/ad_gpo_ndr.c
++++ b/src/providers/ad/ad_gpo_ndr.c
+@@ -317,6 +317,7 @@ ndr_pull_security_ace(struct ndr_pull *ndr,
+         ndr->offset += pad;
+     }
+     if (ndr_flags & NDR_BUFFERS) {
++        NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type));
+         NDR_CHECK(ndr_pull_security_ace_object_ctr
+                   (ndr, NDR_BUFFERS, &r->object));
+     }
+diff --git a/src/tests/cmocka/test_ad_gpo.c b/src/tests/cmocka/test_ad_gpo.c
+index 97f70408a..d1f7a6915 100644
+--- a/src/tests/cmocka/test_ad_gpo.c
++++ b/src/tests/cmocka/test_ad_gpo.c
+@@ -347,6 +347,60 @@ void test_ad_gpo_ace_includes_host_sid_true(void **state)
+                                         group_size, ace_dom_sid, true);
+ }
+ 
++uint8_t test_sid_data[] = {
++0x01, 0x00, 0x04, 0x9c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
++0x14, 0x00, 0x00, 0x00, 0x04, 0x00, 0x34, 0x01, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
++0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
++0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
++0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
++0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8,
++0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00, 0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55,
++0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x0a, 0x24, 0x00, 0xff, 0x00, 0x0f, 0x00,
++0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00, 0xda, 0x0e, 0xba, 0x60,
++0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x07, 0x02, 0x00, 0x00, 0x00, 0x00, 0x24, 0x00,
++0xbd, 0x00, 0x0e, 0x00, 0x01, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x15, 0x00, 0x00, 0x00,
++0xda, 0x0e, 0xba, 0x60, 0x0f, 0xa2, 0xf4, 0x55, 0xb5, 0x57, 0x47, 0xf8, 0x00, 0x02, 0x00, 0x00,
++0x00, 0x0a, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03,
++0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0xff, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x12, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00,
++0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x0b, 0x00, 0x00, 0x00, 0x05, 0x02, 0x28, 0x00,
++0x00, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x8f, 0xfd, 0xac, 0xed, 0xb3, 0xff, 0xd1, 0x11,
++0xb4, 0x1d, 0x00, 0xa0, 0xc9, 0x68, 0xf9, 0x39, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05,
++0x0b, 0x00, 0x00, 0x00, 0x00, 0x02, 0x14, 0x00, 0x94, 0x00, 0x02, 0x00, 0x01, 0x01, 0x00, 0x00,
++0x00, 0x00, 0x00, 0x05, 0x09, 0x00, 0x00, 0x00
++};
++
++void test_ad_gpo_parse_sd(void **state)
++{
++    int ret;
++    struct security_descriptor *sd = NULL;
++
++    ret = ad_gpo_parse_sd(test_ctx, NULL, 0, &sd);
++    assert_int_equal(ret, EINVAL);
++
++    ret = ad_gpo_parse_sd(test_ctx, test_sid_data, sizeof(test_sid_data), &sd);
++    assert_int_equal(ret, EOK);
++    assert_non_null(sd);
++    assert_int_equal(sd->revision, 1);
++    assert_int_equal(sd->type, 39940);
++    assert_null(sd->owner_sid);
++    assert_null(sd->group_sid);
++    assert_null(sd->sacl);
++    assert_non_null(sd->dacl);
++    assert_int_equal(sd->dacl->revision, 4);
++    assert_int_equal(sd->dacl->size, 308);
++    assert_int_equal(sd->dacl->num_aces, 10);
++    assert_int_equal(sd->dacl->aces[0].type, 0);
++    assert_int_equal(sd->dacl->aces[0].flags, 0);
++    assert_int_equal(sd->dacl->aces[0].size, 36);
++    assert_int_equal(sd->dacl->aces[0].access_mask, 917693);
++    /* There are more components and ACEs in the security_descriptor struct
++     * which are not checked here. */
++
++    talloc_free(sd);
++}
++
+ int main(int argc, const char *argv[])
+ {
+     poptContext pc;
+@@ -385,6 +439,9 @@ int main(int argc, const char *argv[])
+         cmocka_unit_test_setup_teardown(test_ad_gpo_ace_includes_host_sid_true,
+                                         ad_gpo_test_setup,
+                                         ad_gpo_test_teardown),
++        cmocka_unit_test_setup_teardown(test_ad_gpo_parse_sd,
++                                        ad_gpo_test_setup,
++                                        ad_gpo_test_teardown),
+     };
+ 
+     /* Set debug level to invalid value so we can decide if -d 0 was used. */
+-- 
+2.21.1
+
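Review bot: The new `test_ad_gpo_parse_sd` asserts only on `aces[0]`, a plain type-0 ACE, while the fix in `ndr_pull_security_ace()` concerns the object union selected by `r->type`, so the regression is caught only indirectly through `ret == EOK`. By my reading of `test_sid_data`, the ninth ACE is the object-type entry (type 5, size 40), so adding `assert_int_equal(sd->dacl->aces[8].type, 5);` and `assert_int_equal(sd->dacl->aces[8].size, 40);` would pin the repaired path directly. The fixture could also be declared `static const uint8_t test_sid_data[]` if `ad_gpo_parse_sd()` accepts a const pointer (its prototype is not visible here). The expected values would be easier to check against the bytes if written in hex, e.g. `0x9c04` for `sd->type` and `0x000e00bd` for the access mask. Only part of `ndr_pull_security_ace()` is visible in the nested patch.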
diff --git a/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch b/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch
deleted file mode 100644
index 1eee827..0000000
--- a/SOURCES/0002-certmap-mention-special-regex-characters-in-man-page.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 21cb9fb28db1f2eb4ee770eb029bfe20233e4392 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 12 Dec 2019 13:10:16 +0100
-Subject: [PATCH] certmap: mention special regex characters in man page
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Since some of the matching rules use regular expressions some characters
-must be escaped so that they can be used a ordinary characters in the
-rules.
-
-Related to https://pagure.io/SSSD/sssd/issue/4127
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/man/sss-certmap.5.xml | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/man/sss-certmap.5.xml b/src/man/sss-certmap.5.xml
-index db258d14a..10343625e 100644
---- a/src/man/sss-certmap.5.xml
-+++ b/src/man/sss-certmap.5.xml
-@@ -92,6 +92,15 @@
-                     <para>
-                         Example: &lt;SUBJECT&gt;.*,DC=MY,DC=DOMAIN
-                     </para>
-+                    <para>
-+                        Please note that the characters "^.[$()|*+?{\" have a
-+                        special meaning in regular expressions and must be
-+                        escaped with the help of the '\' character so that they
-+                        are matched as ordinary characters.
-+                    </para>
-+                    <para>
-+                        Example: &lt;SUBJECT&gt;^CN=.* \(Admin\),DC=MY,DC=DOMAIN$
-+                    </para>
-                     </listitem>
-                 </varlistentry>
-                 <varlistentry>
--- 
-2.20.1
-
diff --git a/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch b/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch
new file mode 100644
index 0000000..9a6d266
--- /dev/null
+++ b/SOURCES/0002-test-avoid-endian-issues-in-network-tests.patch
@@ -0,0 +1,39 @@
+From 532b75c937d767caf60bb00f1a525ae7f6c70cc6 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Wed, 20 May 2020 12:07:13 +0200
+Subject: [PATCH] test: avoid endian issues in network tests
+
+Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
+---
+ src/tests/cmocka/test_nss_srv.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
+index 2c91d0a23..3cd7809cf 100644
+--- a/src/tests/cmocka/test_nss_srv.c
++++ b/src/tests/cmocka/test_nss_srv.c
+@@ -35,6 +35,7 @@
+ #include "util/util_sss_idmap.h"
+ #include "util/crypto/sss_crypto.h"
+ #include "util/crypto/nss/nss_util.h"
++#include "util/sss_endian.h"
+ #include "db/sysdb_private.h"   /* new_subdomain() */
+ #include "db/sysdb_iphosts.h"
+ #include "db/sysdb_ipnetworks.h"
+@@ -5308,7 +5309,13 @@ struct netent test_netent = {
+     .n_name = discard_const("test_network"),
+     .n_aliases = discard_const(test_netent_aliases),
+     .n_addrtype = AF_INET,
++#if (__BYTE_ORDER == __LITTLE_ENDIAN)
+     .n_net = 0x04030201 /* 1.2.3.4 */
++#elif (__BYTE_ORDER == __BIG_ENDIAN)
++    .n_net = 0x01020304 /* 1.2.3.4 */
++#else
++ #error "unknow endianess"
++#endif
+ };
+ 
+ static void mock_input_netbyname(const char *name)
+-- 
+2.21.1
+
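Review bot: The `#else` / `#error` fallback in the `test_netent` initializer cannot fire when the byte-order macros are missing, because undefined identifiers evaluate to 0 inside `#if`, so `__BYTE_ORDER == __LITTLE_ENDIAN` becomes `0 == 0` and the little-endian value is silently selected. Presumably `util/sss_endian.h` always defines them, but prefixing both conditions with `defined(__BYTE_ORDER) &&` makes the error branch reachable. The message should also read `#error "unknown endianness"` and start at column 0 like the other directives. The initializer of `test_netent` begins outside the nested hunk.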
diff --git a/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch b/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch
deleted file mode 100644
index c0d5c51..0000000
--- a/SOURCES/0003-ldap_child-do-not-try-PKINIT.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 580d61884b6c0a81357d8f9fa69fe69d1f017185 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 6 Dec 2019 12:29:49 +0100
-Subject: [PATCH] ldap_child: do not try PKINIT
-
-if the PKINIT plugin is installed and pkinit_identities is set in
-/etc/krb5.conf libkrb5 will try to do PKINIT although ldap_child only
-wants to authenticate with a keytab. As a result ldap_child might try to
-access a Smartcard which is either not allowed at all or might cause
-unexpected delays.
-
-To avoid this the current patch sets pkinit_identities for LDAP child
-explicitly to make the PKINIT plugin fail because if installed libkrb5
-will always use it.
-
-It turned out the setting pre-authentication options requires some
-internal flags to be set and krb5_get_init_creds_opt_alloc() must be
-used to initialize the options struct.
-
-Related to https://pagure.io/SSSD/sssd/issue/4126
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/providers/ldap/ldap_child.c | 30 ++++++++++++++++++++++--------
- 1 file changed, 22 insertions(+), 8 deletions(-)
-
-diff --git a/src/providers/ldap/ldap_child.c b/src/providers/ldap/ldap_child.c
-index 408d64db4..b081df90f 100644
---- a/src/providers/ldap/ldap_child.c
-+++ b/src/providers/ldap/ldap_child.c
-@@ -277,7 +277,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
-     krb5_ccache ccache = NULL;
-     krb5_principal kprinc;
-     krb5_creds my_creds;
--    krb5_get_init_creds_opt options;
-+    krb5_get_init_creds_opt *options = NULL;
-     krb5_error_code krberr;
-     krb5_timestamp kdc_time_offset;
-     int canonicalize = 0;
-@@ -392,19 +392,32 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
-     }
- 
-     memset(&my_creds, 0, sizeof(my_creds));
--    memset(&options, 0, sizeof(options));
- 
--    krb5_get_init_creds_opt_set_address_list(&options, NULL);
--    krb5_get_init_creds_opt_set_forwardable(&options, 0);
--    krb5_get_init_creds_opt_set_proxiable(&options, 0);
--    krb5_get_init_creds_opt_set_tkt_life(&options, lifetime);
-+    krberr = krb5_get_init_creds_opt_alloc(context, &options);
-+    if (krberr != 0) {
-+        DEBUG(SSSDBG_OP_FAILURE, "krb5_get_init_creds_opt_alloc failed.\n");
-+        goto done;
-+    }
-+
-+    krb5_get_init_creds_opt_set_address_list(options, NULL);
-+    krb5_get_init_creds_opt_set_forwardable(options, 0);
-+    krb5_get_init_creds_opt_set_proxiable(options, 0);
-+    krb5_get_init_creds_opt_set_tkt_life(options, lifetime);
-+    krberr = krb5_get_init_creds_opt_set_pa(context, options,
-+                                            "X509_user_identity", "");
-+    if (krberr != 0) {
-+        DEBUG(SSSDBG_OP_FAILURE,
-+              "krb5_get_init_creds_opt_set_pa failed [%d], ignored.\n",
-+              krberr);
-+    }
-+
- 
-     tmp_str = getenv("KRB5_CANONICALIZE");
-     if (tmp_str != NULL && strcasecmp(tmp_str, "true") == 0) {
-         DEBUG(SSSDBG_CONF_SETTINGS, "Will canonicalize principals\n");
-         canonicalize = 1;
-     }
--    sss_krb5_get_init_creds_opt_set_canonicalize(&options, canonicalize);
-+    sss_krb5_get_init_creds_opt_set_canonicalize(options, canonicalize);
- 
-     ccname_file = talloc_asprintf(tmp_ctx, "%s/ccache_%s",
-                                   DB_PATH, realm_name);
-@@ -433,7 +446,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
-     }
- 
-     krberr = krb5_get_init_creds_keytab(context, &my_creds, kprinc,
--                                        keytab, 0, NULL, &options);
-+                                        keytab, 0, NULL, options);
-     if (krberr != 0) {
-         DEBUG(SSSDBG_OP_FAILURE,
-               "krb5_get_init_creds_keytab() failed: %d\n", krberr);
-@@ -513,6 +526,7 @@ static krb5_error_code ldap_child_get_tgt_sync(TALLOC_CTX *memctx,
-     *expire_time_out = my_creds.times.endtime - kdc_time_offset;
- 
- done:
-+    krb5_get_init_creds_opt_free(context, options);
-     if (krberr != 0) {
-         if (*_krb5_msg == NULL) {
-             /* no custom error message provided hence get one from libkrb5 */
--- 
-2.20.1
-
diff --git a/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch b/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch
new file mode 100644
index 0000000..9934c57
--- /dev/null
+++ b/SOURCES/0003-sssctl-sssctl-config-check-alternative-config-file.patch
@@ -0,0 +1,137 @@
+From 61f4aaa56ea876fb75c1366c938818b7799408ab Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Wed, 29 Apr 2020 16:40:36 +0200
+Subject: [PATCH] sssctl: sssctl config-check alternative config file
+
+The sssctl config-check now allows to specify alternative config
+file so it can be tested before rewriting system configuration.
+
+    sssctl config-check -c ./sssd.conf
+
+Configuration snippets are looked up in the same place under
+conf.d directory. It would be in ./conf.d/ for the example above.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5142
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/confdb/confdb.h              |  6 ++--
+ src/tools/sssctl/sssctl_config.c | 56 ++++++++++++++++++++++++++++----
+ 2 files changed, 53 insertions(+), 9 deletions(-)
+
+diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
+index 0a5593232..a2b58e12a 100644
+--- a/src/confdb/confdb.h
++++ b/src/confdb/confdb.h
+@@ -40,8 +40,10 @@
+ 
+ #define CONFDB_DEFAULT_CFG_FILE_VER 2
+ #define CONFDB_FILE "config.ldb"
+-#define SSSD_CONFIG_FILE SSSD_CONF_DIR"/sssd.conf"
+-#define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/conf.d"
++#define SSSD_CONFIG_FILE_NAME "sssd.conf"
++#define SSSD_CONFIG_FILE SSSD_CONF_DIR"/"SSSD_CONFIG_FILE_NAME
++#define CONFDB_DEFAULT_CONFIG_DIR_NAME "conf.d"
++#define CONFDB_DEFAULT_CONFIG_DIR SSSD_CONF_DIR"/"CONFDB_DEFAULT_CONFIG_DIR_NAME
+ #define SSSD_MIN_ID 1
+ #define SSSD_LOCAL_MINID 1000
+ #define CONFDB_DEFAULT_SHELL_FALLBACK "/bin/sh"
+diff --git a/src/tools/sssctl/sssctl_config.c b/src/tools/sssctl/sssctl_config.c
+index 74395b61c..de9f3de6e 100644
+--- a/src/tools/sssctl/sssctl_config.c
++++ b/src/tools/sssctl/sssctl_config.c
+@@ -34,6 +34,29 @@
+ 
+ 
+ #ifdef HAVE_LIBINI_CONFIG_V1_3
++
++static char *sssctl_config_snippet_path(TALLOC_CTX *ctx, const char *path)
++{
++    char *tmp = NULL;
++    const char delimiter = '/';
++    char *dpos = NULL;
++
++    tmp = talloc_strdup(ctx, path);
++    if (!tmp) {
++        return NULL;
++    }
++
++    dpos = strrchr(tmp, delimiter);
++    if (dpos != NULL) {
++        ++dpos;
++        *dpos = '\0';
++    } else {
++        *tmp = '\0';
++    }
++
++    return talloc_strdup_append(tmp, CONFDB_DEFAULT_CONFIG_DIR_NAME);
++}
++
+ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+                             struct sss_tool_ctx *tool_ctx,
+                             void *pvt)
+@@ -47,8 +70,15 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+     size_t num_ra_error, num_ra_success;
+     char **strs = NULL;
+     TALLOC_CTX *tmp_ctx = NULL;
+-
+-    ret = sss_tool_popt(cmdline, NULL, SSS_TOOL_OPT_OPTIONAL, NULL, NULL);
++    const char *config_path = NULL;
++    const char *config_snippet_path = NULL;
++    struct poptOption long_options[] = {
++        {"config", 'c', POPT_ARG_STRING, &config_path,
++            0, _("Specify a non-default config file"), NULL},
++        POPT_TABLEEND
++    };
++
++    ret = sss_tool_popt(cmdline, long_options, SSS_TOOL_OPT_OPTIONAL, NULL, NULL);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse command arguments\n");
+         return ret;
+@@ -62,17 +92,29 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+         goto done;
+     }
+ 
++    if (config_path != NULL) {
++        config_snippet_path = sssctl_config_snippet_path(tmp_ctx, config_path);
++        if (config_snippet_path == NULL) {
++            DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create snippet path\n");
++            ret = ENOMEM;
++            goto done;
++        }
++    } else {
++        config_path = SSSD_CONFIG_FILE;
++        config_snippet_path = CONFDB_DEFAULT_CONFIG_DIR;
++    }
++
+     ret = sss_ini_read_sssd_conf(init_data,
+-                                 SSSD_CONFIG_FILE,
+-                                 CONFDB_DEFAULT_CONFIG_DIR);
++                                 config_path,
++                                 config_snippet_path);
+ 
+     if (ret == ERR_INI_OPEN_FAILED) {
+-        PRINT("Failed to open %s\n", SSSD_CONFIG_FILE);
++        PRINT("Failed to open %s\n", config_path);
+         goto done;
+     }
+ 
+     if (!sss_ini_exists(init_data)) {
+-        PRINT("File %1$s does not exist.\n", SSSD_CONFIG_FILE);
++        PRINT("File %1$s does not exist.\n", config_path);
+     }
+ 
+     if (ret == ERR_INI_INVALID_PERMISSION) {
+@@ -83,7 +125,7 @@ errno_t sssctl_config_check(struct sss_cmdline *cmdline,
+ 
+     if (ret == ERR_INI_PARSE_FAILED) {
+         PRINT("Failed to load configuration from %s.\n",
+-              SSSD_CONFIG_FILE);
++              config_path);
+         goto done;
+     }
+ 
+-- 
+2.21.1
+
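Review bot: `sssctl_config_snippet_path()` has no comment describing its contract, and two behaviours are worth stating. For a path without any `/` it returns the relative name `conf.d`, and the directory is derived from the path text as given, so a symlinked config file uses the `conf.d` beside the link rather than beside its target. A header such as `/* Return "<dirname of path>/conf.d" allocated on ctx, or NULL on allocation failure. */` would cover it. Separately, when `-c` is given `config_path` holds a string supplied by popt through `POPT_ARG_STRING`, which I believe popt allocates for the caller, and no `free()` of it is visible. The end of `sssctl_config_check()` lies outside these hunks, so that needs confirming there.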
diff --git a/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch b/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch
new file mode 100644
index 0000000..00814b7
--- /dev/null
+++ b/SOURCES/0004-DEBUG-only-open-child-process-log-files-when-require.patch
@@ -0,0 +1,664 @@
+From 375887543daf26003ff7d900cf6a69d0c0b58523 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Wed, 27 May 2020 22:33:50 +0200
+Subject: [PATCH] DEBUG: only open child process log files when required
+
+There was no reason to keep child process log files open permanently.
+
+This patch:
+ - helps to avoid issue when SIGHUP was ignored for child process logs;
+ - somewhat reduces code duplication.
+
+Resolves: https://github.com/SSSD/sssd/issues/4667
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/providers/ad/ad_gpo.c                | 17 +++--------------
+ src/providers/ad/ad_init.c               |  7 -------
+ src/providers/ad/ad_machine_pw_renewal.c |  2 +-
+ src/providers/ipa/ipa_init.c             |  7 -------
+ src/providers/ipa/ipa_selinux.c          | 17 +----------------
+ src/providers/krb5/krb5_child_handler.c  |  2 +-
+ src/providers/krb5/krb5_common.h         |  1 -
+ src/providers/krb5/krb5_init_shared.c    |  8 --------
+ src/providers/ldap/ldap_common.c         |  3 ---
+ src/providers/ldap/ldap_common.h         |  6 ------
+ src/providers/ldap/ldap_init.c           |  7 -------
+ src/providers/ldap/sdap_child_helpers.c  | 10 +---------
+ src/responder/pam/pamsrv.c               |  1 -
+ src/responder/pam/pamsrv.h               |  2 --
+ src/responder/pam/pamsrv_cmd.c           |  2 +-
+ src/responder/pam/pamsrv_p11.c           |  9 ++-------
+ src/responder/ssh/ssh_private.h          |  1 -
+ src/responder/ssh/ssh_reply.c            |  4 ++--
+ src/responder/ssh/sshsrv.c               | 10 ----------
+ src/tests/cmocka/test_cert_utils.c       | 12 ++++++------
+ src/util/cert.h                          |  2 +-
+ src/util/cert/cert_common_p11_child.c    |  9 ++++-----
+ src/util/child_common.c                  | 21 +++++++++++++++++----
+ src/util/child_common.h                  |  6 ++----
+ 24 files changed, 42 insertions(+), 124 deletions(-)
+
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index f17917552..bbe8d8a1e 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -99,15 +99,14 @@
+ #define GPO_CHILD SSSD_LIBEXEC_PATH"/gpo_child"
+ #endif
+ 
++#define GPO_CHILD_LOG_FILE "gpo_child"
++
+ /* If INI_PARSE_IGNORE_NON_KVP is not defined, use 0 (no effect) */
+ #ifndef INI_PARSE_IGNORE_NON_KVP
+ #define INI_PARSE_IGNORE_NON_KVP 0
+ #warning INI_PARSE_IGNORE_NON_KVP not defined.
+ #endif
+ 
+-/* fd used by the gpo_child process for logging */
+-int gpo_child_debug_fd = -1;
+-
+ /* == common data structures and declarations ============================= */
+ 
+ struct gp_som {
+@@ -1618,13 +1617,6 @@ ad_gpo_access_check(TALLOC_CTX *mem_ctx,
+     return ret;
+ }
+ 
+-#define GPO_CHILD_LOG_FILE "gpo_child"
+-
+-static errno_t gpo_child_init(void)
+-{
+-    return child_debug_init(GPO_CHILD_LOG_FILE, &gpo_child_debug_fd);
+-}
+-
+ /*
+  * This function retrieves the raw policy_setting_value for the input key from
+  * the GPO_Result object in the sysdb cache. It then parses the raw value and
+@@ -1808,9 +1800,6 @@ ad_gpo_access_send(TALLOC_CTX *mem_ctx,
+     hash_value_t val;
+     enum gpo_map_type gpo_map_type;
+ 
+-    /* setup logging for gpo child */
+-    gpo_child_init();
+-
+     req = tevent_req_create(mem_ctx, &state, struct ad_gpo_access_state);
+     if (req == NULL) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
+@@ -4763,7 +4752,7 @@ gpo_fork_child(struct tevent_req *req)
+     if (pid == 0) { /* child */
+         exec_child_ex(state,
+                       pipefd_to_child, pipefd_from_child,
+-                      GPO_CHILD, gpo_child_debug_fd, NULL, false,
++                      GPO_CHILD, GPO_CHILD_LOG_FILE, NULL, false,
+                       STDIN_FILENO, AD_GPO_CHILD_OUT_FILENO);
+ 
+         /* We should never get here */
+diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
+index 05535fcb0..704e63a06 100644
+--- a/src/providers/ad/ad_init.c
++++ b/src/providers/ad/ad_init.c
+@@ -402,13 +402,6 @@ static errno_t ad_init_misc(struct be_ctx *be_ctx,
+ 
+     sdap_id_ctx->opts->sdom->pvt = ad_id_ctx;
+ 
+-    ret = sdap_setup_child();
+-    if (ret != EOK) {
+-        DEBUG(SSSDBG_CRIT_FAILURE, "sdap_setup_child() failed [%d]: %s\n",
+-              ret, sss_strerror(ret));
+-        return ret;
+-    }
+-
+     ret = ad_init_srv_plugin(be_ctx, ad_options);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup SRV plugin [%d]: %s\n",
+diff --git a/src/providers/ad/ad_machine_pw_renewal.c b/src/providers/ad/ad_machine_pw_renewal.c
+index e0db5fad5..ce9bbe6f3 100644
+--- a/src/providers/ad/ad_machine_pw_renewal.c
++++ b/src/providers/ad/ad_machine_pw_renewal.c
+@@ -185,7 +185,7 @@ ad_machine_account_password_renewal_send(TALLOC_CTX *mem_ctx,
+     child_pid = fork();
+     if (child_pid == 0) { /* child */
+         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
+-                      renewal_data->prog_path, -1,
++                      renewal_data->prog_path, NULL,
+                       extra_args, true,
+                       STDIN_FILENO, STDERR_FILENO);
+ 
+diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
+index cdfd11d7a..d8d592653 100644
+--- a/src/providers/ipa/ipa_init.c
++++ b/src/providers/ipa/ipa_init.c
+@@ -571,13 +571,6 @@ static errno_t ipa_init_misc(struct be_ctx *be_ctx,
+         return ret;
+     }
+ 
+-    ret = sdap_setup_child();
+-    if (ret != EOK) {
+-        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup sdap child [%d]: %s\n",
+-              ret, sss_strerror(ret));
+-        return ret;
+-    }
+-
+     if (dp_opt_get_bool(ipa_options->basic, IPA_SERVER_MODE)) {
+         ret = ipa_init_server_mode(be_ctx, ipa_options, ipa_id_ctx);
+         if (ret != EOK) {
+diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
+index 630f68ad5..9ae37b90d 100644
+--- a/src/providers/ipa/ipa_selinux.c
++++ b/src/providers/ipa/ipa_selinux.c
+@@ -51,9 +51,6 @@
+ 
+ #include <selinux/selinux.h>
+ 
+-/* fd used by the selinux_child process for logging */
+-int selinux_child_debug_fd = -1;
+-
+ static struct tevent_req *
+ ipa_get_selinux_send(TALLOC_CTX *mem_ctx,
+                      struct be_ctx *be_ctx,
+@@ -565,7 +562,6 @@ struct selinux_child_state {
+     struct child_io_fds *io;
+ };
+ 
+-static errno_t selinux_child_init(void);
+ static errno_t selinux_child_create_buffer(struct selinux_child_state *state);
+ static errno_t selinux_fork_child(struct selinux_child_state *state);
+ static void selinux_child_step(struct tevent_req *subreq);
+@@ -602,12 +598,6 @@ static struct tevent_req *selinux_child_send(TALLOC_CTX *mem_ctx,
+     state->io->read_from_child_fd = -1;
+     talloc_set_destructor((void *) state->io, child_io_destructor);
+ 
+-    ret = selinux_child_init();
+-    if (ret != EOK) {
+-        DEBUG(SSSDBG_OP_FAILURE, "Failed to init the child\n");
+-        goto immediately;
+-    }
+-
+     ret = selinux_child_create_buffer(state);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_OP_FAILURE, "Failed to create the send buffer\n");
+@@ -638,11 +628,6 @@ immediately:
+     return req;
+ }
+ 
+-static errno_t selinux_child_init(void)
+-{
+-    return child_debug_init(SELINUX_CHILD_LOG_FILE, &selinux_child_debug_fd);
+-}
+-
+ static errno_t selinux_child_create_buffer(struct selinux_child_state *state)
+ {
+     size_t rp;
+@@ -712,7 +697,7 @@ static errno_t selinux_fork_child(struct selinux_child_state *state)
+ 
+     if (pid == 0) { /* child */
+         exec_child(state, pipefd_to_child, pipefd_from_child,
+-                   SELINUX_CHILD, selinux_child_debug_fd);
++                   SELINUX_CHILD, SELINUX_CHILD_LOG_FILE);
+         DEBUG(SSSDBG_CRIT_FAILURE, "Could not exec selinux_child: [%d][%s].\n",
+               ret, sss_strerror(ret));
+         return ret;
+diff --git a/src/providers/krb5/krb5_child_handler.c b/src/providers/krb5/krb5_child_handler.c
+index b7fb54499..8546285b2 100644
+--- a/src/providers/krb5/krb5_child_handler.c
++++ b/src/providers/krb5/krb5_child_handler.c
+@@ -465,7 +465,7 @@ static errno_t fork_child(struct tevent_req *req)
+     if (pid == 0) { /* child */
+         exec_child_ex(state,
+                       pipefd_to_child, pipefd_from_child,
+-                      KRB5_CHILD, state->kr->krb5_ctx->child_debug_fd,
++                      KRB5_CHILD, KRB5_CHILD_LOG_FILE,
+                       krb5_child_extra_args, false,
+                       STDIN_FILENO, STDOUT_FILENO);
+ 
+diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
+index 493d12e5f..f198e2684 100644
+--- a/src/providers/krb5/krb5_common.h
++++ b/src/providers/krb5/krb5_common.h
+@@ -124,7 +124,6 @@ struct krb5_ctx {
+     struct dp_option *opts;
+     struct krb5_service *service;
+     struct krb5_service *kpasswd_service;
+-    int child_debug_fd;
+ 
+     sss_regexp_t *illegal_path_re;
+ 
+diff --git a/src/providers/krb5/krb5_init_shared.c b/src/providers/krb5/krb5_init_shared.c
+index afe15b365..ea3d32805 100644
+--- a/src/providers/krb5/krb5_init_shared.c
++++ b/src/providers/krb5/krb5_init_shared.c
+@@ -71,14 +71,6 @@ errno_t krb5_child_init(struct krb5_ctx *krb5_auth_ctx,
+         goto done;
+     }
+ 
+-    krb5_auth_ctx->child_debug_fd = -1; /* -1 means not initialized */
+-    ret = child_debug_init(KRB5_CHILD_LOG_FILE,
+-                           &krb5_auth_ctx->child_debug_fd);
+-    if (ret != EOK) {
+-        DEBUG(SSSDBG_OP_FAILURE, "Could not set krb5_child debugging!\n");
+-        goto done;
+-    }
+-
+     ret = parse_krb5_map_user(krb5_auth_ctx,
+                               dp_opt_get_cstring(krb5_auth_ctx->opts,
+                                                  KRB5_MAP_USER),
+diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
+index 9d7806a2f..2133db36f 100644
+--- a/src/providers/ldap/ldap_common.c
++++ b/src/providers/ldap/ldap_common.c
+@@ -35,9 +35,6 @@
+ 
+ #include "providers/ldap/sdap_idmap.h"
+ 
+-/* a fd the child process would log into */
+-int ldap_child_debug_fd = -1;
+-
+ errno_t ldap_id_setup_tasks(struct sdap_id_ctx *ctx)
+ {
+     return sdap_id_setup_tasks(ctx->be, ctx, ctx->opts->sdom,
+diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
+index 63ee5dd84..13e6d4871 100644
+--- a/src/providers/ldap/ldap_common.h
++++ b/src/providers/ldap/ldap_common.h
+@@ -44,9 +44,6 @@
+ 
+ #define LDAP_ENUM_PURGE_TIMEOUT 10800
+ 
+-/* a fd the child process would log into */
+-extern int ldap_child_debug_fd;
+-
+ struct sdap_id_ctx;
+ 
+ struct sdap_id_conn_ctx {
+@@ -342,9 +339,6 @@ sdap_ipnetwork_handler_recv(TALLOC_CTX *mem_ctx,
+                             struct tevent_req *req,
+                             struct dp_reply_std *data);
+ 
+-/* setup child logging */
+-int sdap_setup_child(void);
+-
+ 
+ errno_t string_to_shadowpw_days(const char *s, long *d);
+ 
+diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
+index 1be5d13de..de64e5985 100644
+--- a/src/providers/ldap/ldap_init.c
++++ b/src/providers/ldap/ldap_init.c
+@@ -419,13 +419,6 @@ static errno_t ldap_init_misc(struct be_ctx *be_ctx,
+         return ret;
+     }
+ 
+-    ret = sdap_setup_child();
+-    if (ret != EOK) {
+-        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup sdap child [%d]: %s\n",
+-              ret, sss_strerror(ret));
+-        return ret;
+-    }
+-
+     /* Setup SRV lookup plugin */
+     ret = be_fo_set_dns_srv_lookup_plugin(be_ctx, NULL);
+     if (ret != EOK) {
+diff --git a/src/providers/ldap/sdap_child_helpers.c b/src/providers/ldap/sdap_child_helpers.c
+index a03d28c9c..9d25aea8b 100644
+--- a/src/providers/ldap/sdap_child_helpers.c
++++ b/src/providers/ldap/sdap_child_helpers.c
+@@ -111,7 +111,7 @@ static errno_t sdap_fork_child(struct tevent_context *ev,
+     if (pid == 0) { /* child */
+         exec_child(child,
+                    pipefd_to_child, pipefd_from_child,
+-                   LDAP_CHILD, ldap_child_debug_fd);
++                   LDAP_CHILD, LDAP_CHILD_LOG_FILE);
+ 
+         /* We should never get here */
+         DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec LDAP child\n");
+@@ -512,11 +512,3 @@ static errno_t set_tgt_child_timeout(struct tevent_req *req,
+ 
+     return EOK;
+ }
+-
+-
+-
+-/* Setup child logging */
+-int sdap_setup_child(void)
+-{
+-    return child_debug_init(LDAP_CHILD_LOG_FILE, &ldap_child_debug_fd);
+-}
+diff --git a/src/responder/pam/pamsrv.c b/src/responder/pam/pamsrv.c
+index a4c9ebbbb..dde44a472 100644
+--- a/src/responder/pam/pamsrv.c
++++ b/src/responder/pam/pamsrv.c
+@@ -277,7 +277,6 @@ static int pam_process_init(TALLOC_CTX *mem_ctx,
+         goto done;
+     }
+ 
+-    pctx->p11_child_debug_fd = -1;
+     if (pctx->cert_auth) {
+         ret = p11_child_init(pctx);
+         if (ret != EOK) {
+diff --git a/src/responder/pam/pamsrv.h b/src/responder/pam/pamsrv.h
+index 24bd9764d..478d91b93 100644
+--- a/src/responder/pam/pamsrv.h
++++ b/src/responder/pam/pamsrv.h
+@@ -54,7 +54,6 @@ struct pam_ctx {
+     char **app_services;
+ 
+     bool cert_auth;
+-    int p11_child_debug_fd;
+     char *nss_db;
+     struct sss_certmap_ctx *sss_certmap_ctx;
+     char **smartcard_services;
+@@ -110,7 +109,6 @@ void sss_cai_check_users(struct cert_auth_info **list, size_t *_cert_count,
+ 
+ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
+                                        struct tevent_context *ev,
+-                                       int child_debug_fd,
+                                        const char *nss_db,
+                                        time_t timeout,
+                                        const char *verify_opts,
+diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
+index ddde9eda2..1cd901f15 100644
+--- a/src/responder/pam/pamsrv_cmd.c
++++ b/src/responder/pam/pamsrv_cmd.c
+@@ -1404,7 +1404,7 @@ static errno_t check_cert(TALLOC_CTX *mctx,
+         return ret;
+     }
+ 
+-    req = pam_check_cert_send(mctx, ev, pctx->p11_child_debug_fd,
++    req = pam_check_cert_send(mctx, ev,
+                               pctx->nss_db, p11_child_timeout,
+                               cert_verification_opts, pctx->sss_certmap_ctx,
+                               uri, pd);
+diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
+index 8e276b200..3f0afaeff 100644
+--- a/src/responder/pam/pamsrv_p11.c
++++ b/src/responder/pam/pamsrv_p11.c
+@@ -242,7 +242,7 @@ errno_t p11_child_init(struct pam_ctx *pctx)
+         return ret;
+     }
+ 
+-    return child_debug_init(P11_CHILD_LOG_FILE, &pctx->p11_child_debug_fd);
++    return EOK;
+ }
+ 
+ static inline bool
+@@ -705,7 +705,6 @@ static void p11_child_timeout(struct tevent_context *ev,
+ 
+ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
+                                        struct tevent_context *ev,
+-                                       int child_debug_fd,
+                                        const char *nss_db,
+                                        time_t timeout,
+                                        const char *verify_opts,
+@@ -838,14 +837,10 @@ struct tevent_req *pam_check_cert_send(TALLOC_CTX *mem_ctx,
+         goto done;
+     }
+ 
+-    if (child_debug_fd == -1) {
+-        child_debug_fd = STDERR_FILENO;
+-    }
+-
+     child_pid = fork();
+     if (child_pid == 0) { /* child */
+         exec_child_ex(state, pipefd_to_child, pipefd_from_child,
+-                      P11_CHILD_PATH, child_debug_fd, extra_args, false,
++                      P11_CHILD_PATH, P11_CHILD_LOG_FILE, extra_args, false,
+                       STDIN_FILENO, STDOUT_FILENO);
+ 
+         /* We should never get here */
+diff --git a/src/responder/ssh/ssh_private.h b/src/responder/ssh/ssh_private.h
+index 028ccd616..5aa7e37d6 100644
+--- a/src/responder/ssh/ssh_private.h
++++ b/src/responder/ssh/ssh_private.h
+@@ -36,7 +36,6 @@ struct ssh_ctx {
+     char *ca_db;
+     bool use_cert_keys;
+ 
+-    int p11_child_debug_fd;
+     time_t certmap_last_read;
+     struct sss_certmap_ctx *sss_certmap_ctx;
+     char **cert_rules;
+diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
+index 97914266d..edeb28765 100644
+--- a/src/responder/ssh/ssh_reply.c
++++ b/src/responder/ssh/ssh_reply.c
+@@ -249,7 +249,7 @@ struct tevent_req *ssh_get_output_keys_send(TALLOC_CTX *mem_ctx,
+                                                    : state->user_cert_override;
+ 
+     subreq = cert_to_ssh_key_send(state, state->ev,
+-                                  state->ssh_ctx->p11_child_debug_fd,
++                                  P11_CHILD_LOG_FILE,
+                                   state->p11_child_timeout,
+                                   state->ssh_ctx->ca_db,
+                                   state->ssh_ctx->sss_certmap_ctx,
+@@ -335,7 +335,7 @@ void ssh_get_output_keys_done(struct tevent_req *subreq)
+         goto done;
+     }
+ 
+-    subreq = cert_to_ssh_key_send(state, state->ev, -1,
++    subreq = cert_to_ssh_key_send(state, state->ev, NULL,
+                                   state->p11_child_timeout,
+                                   state->ssh_ctx->ca_db,
+                                   state->ssh_ctx->sss_certmap_ctx,
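Review bot: The call in ssh_get_output_keys_done() passes `NULL` as the log file while the call in ssh_get_output_keys_send() (previous hunk) passes `P11_CHILD_LOG_FILE`, so the p11_child started from the done callback is handed STDERR_FILENO as its debug descriptor and not the p11_child log. This mirrors the old `-1`, but with the per-responder descriptor gone there is no visible reason for the two calls to differ. Pass `P11_CHILD_LOG_FILE` here as well, or add a comment such as `/* NULL: child debug output goes to stderr */` that says why this call is different. Both functions start and end outside their hunks.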
+diff --git a/src/responder/ssh/sshsrv.c b/src/responder/ssh/sshsrv.c
+index 7765e91b8..6072a702c 100644
+--- a/src/responder/ssh/sshsrv.c
++++ b/src/responder/ssh/sshsrv.c
+@@ -126,16 +126,6 @@ int ssh_process_init(TALLOC_CTX *mem_ctx,
+         goto fail;
+     }
+ 
+-    ssh_ctx->p11_child_debug_fd = -1;
+-    if (ssh_ctx->use_cert_keys) {
+-        ret = child_debug_init(P11_CHILD_LOG_FILE,
+-                               &ssh_ctx->p11_child_debug_fd);
+-        if (ret != EOK) {
+-            DEBUG(SSSDBG_FATAL_FAILURE,
+-                  "Failed to setup p11_child logging, ignored.\n");
+-        }
+-    }
+-
+     ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
+diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
+index 848ed1a8d..1ff20576a 100644
+--- a/src/tests/cmocka/test_cert_utils.c
++++ b/src/tests/cmocka/test_cert_utils.c
+@@ -391,7 +391,7 @@ void test_cert_to_ssh_key_send(void **state)
+     ev = tevent_context_init(ts);
+     assert_non_null(ev);
+ 
+-    req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++    req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+                             "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+@@ -465,7 +465,7 @@ void test_cert_to_ssh_2keys_send(void **state)
+     ev = tevent_context_init(ts);
+     assert_non_null(ev);
+ 
+-    req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++    req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+                             "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+@@ -548,7 +548,7 @@ void test_cert_to_ssh_2keys_invalid_send(void **state)
+     ev = tevent_context_init(ts);
+     assert_non_null(ev);
+ 
+-    req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++    req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+                             "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+@@ -614,7 +614,7 @@ void test_ec_cert_to_ssh_key_send(void **state)
+     ev = tevent_context_init(ts);
+     assert_non_null(ev);
+ 
+-    req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++    req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+                     "sql:" ABS_BUILD_DIR "/src/tests/test_ECC_CA/p11_ecc_nssdb",
+ #else
+@@ -691,7 +691,7 @@ void test_cert_to_ssh_2keys_with_certmap_send(void **state)
+     ev = tevent_context_init(ts);
+     assert_non_null(ev);
+ 
+-    req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++    req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+                             "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+@@ -769,7 +769,7 @@ void test_cert_to_ssh_2keys_with_certmap_2_send(void **state)
+     ev = tevent_context_init(ts);
+     assert_non_null(ev);
+ 
+-    req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
++    req = cert_to_ssh_key_send(ts, ev, NULL, P11_CHILD_TIMEOUT,
+ #ifdef HAVE_NSS
+                             "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
+ #else
+diff --git a/src/util/cert.h b/src/util/cert.h
+index d038a99f6..16dda37b3 100644
+--- a/src/util/cert.h
++++ b/src/util/cert.h
+@@ -57,7 +57,7 @@ errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64,
+ 
+ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
+                                         struct tevent_context *ev,
+-                                        int child_debug_fd, time_t timeout,
++                                        const char *logfile, time_t timeout,
+                                         const char *ca_db,
+                                         struct sss_certmap_ctx *sss_certmap_ctx,
+                                         size_t cert_count,
+diff --git a/src/util/cert/cert_common_p11_child.c b/src/util/cert/cert_common_p11_child.c
+index 1846ff89a..18a331f23 100644
+--- a/src/util/cert/cert_common_p11_child.c
++++ b/src/util/cert/cert_common_p11_child.c
+@@ -24,7 +24,7 @@
+ 
+ struct cert_to_ssh_key_state {
+     struct tevent_context *ev;
+-    int child_debug_fd;
++    const char *logfile;
+     time_t timeout;
+     const char **extra_args;
+     const char **certs;
+@@ -45,7 +45,7 @@ static void cert_to_ssh_key_done(int child_status,
+ 
+ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
+                                         struct tevent_context *ev,
+-                                        int child_debug_fd, time_t timeout,
++                                        const char *logfile, time_t timeout,
+                                         const char *ca_db,
+                                         struct sss_certmap_ctx *sss_certmap_ctx,
+                                         size_t cert_count,
+@@ -70,8 +70,7 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
+     }
+ 
+     state->ev = ev;
+-    state->child_debug_fd = (child_debug_fd == -1) ? STDERR_FILENO
+-                                                   : child_debug_fd;
++    state->logfile = logfile;
+     state->timeout = timeout;
+     state->io = talloc(state, struct child_io_fds);
+     if (state->io == NULL) {
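Review bot: `state->logfile = logfile;` keeps the caller's pointer in request state that cert_to_ssh_key_step() reads later when it forks, so the string has to stay valid for as long as the request does. Every caller visible in this patch passes a macro or `NULL`, which is safe, but the prototype in cert.h gives no hint of the requirement. Add a comment there such as `/* logfile is not copied and must outlive the request; NULL sends child debug output to stderr */`. cert_to_ssh_key_send() begins and ends outside the hunk.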
+@@ -205,7 +204,7 @@ static errno_t cert_to_ssh_key_step(struct tevent_req *req)
+     child_pid = fork();
+     if (child_pid == 0) { /* child */
+         exec_child_ex(state, pipefd_to_child, pipefd_from_child, P11_CHILD_PATH,
+-                      state->child_debug_fd, state->extra_args, false,
++                      state->logfile, state->extra_args, false,
+                       STDIN_FILENO, STDOUT_FILENO);
+         /* We should never get here */
+         DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Could not exec p11 child\n");
+diff --git a/src/util/child_common.c b/src/util/child_common.c
+index 3a07580c2..5cac725ca 100644
+--- a/src/util/child_common.c
++++ b/src/util/child_common.c
+@@ -47,6 +47,8 @@ struct sss_child_ctx {
+     struct sss_sigchild_ctx *sigchld_ctx;
+ };
+ 
++static errno_t child_debug_init(const char *logfile, int *debug_fd);
++
+ static void sss_child_handler(struct tevent_context *ev,
+                               struct tevent_signal *se,
+                               int signum,
+@@ -725,13 +727,24 @@ fail:
+ 
+ void exec_child_ex(TALLOC_CTX *mem_ctx,
+                    int *pipefd_to_child, int *pipefd_from_child,
+-                   const char *binary, int debug_fd,
++                   const char *binary, const char *logfile,
+                    const char *extra_argv[], bool extra_args_only,
+                    int child_in_fd, int child_out_fd)
+ {
+     int ret;
+     errno_t err;
+     char **argv;
++    int debug_fd = -1;
++
++    if (logfile) {
++        ret = child_debug_init(logfile, &debug_fd);
++        if (ret != EOK) {
++            DEBUG(SSSDBG_CRIT_FAILURE, "child_debug_init() failed.\n");
++            exit(EXIT_FAILURE);
++        }
++    } else {
++        debug_fd = STDERR_FILENO;
++    }
+ 
+     close(pipefd_to_child[1]);
+     ret = dup2(pipefd_to_child[0], child_in_fd);
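Review bot: The new error branch at the top of exec_child_ex() leaves a freshly forked child through `exit(EXIT_FAILURE)`, which runs the parent's atexit handlers and flushes stdio buffers inherited across fork(); `_exit(EXIT_FAILURE);` avoids both. The branch also makes an unopenable log file fatal for every helper started this way, while the ssh responder code removed by this same patch logged the failure and carried on with stderr. If that tolerance is still wanted, the branch should set `debug_fd = STDERR_FILENO;` instead of exiting. The header comment in child_common.h says the function returns on error, so it should mention the new exit path. The body of exec_child_ex() continues outside the hunk.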
+@@ -767,10 +780,10 @@ void exec_child_ex(TALLOC_CTX *mem_ctx,
+ 
+ void exec_child(TALLOC_CTX *mem_ctx,
+                 int *pipefd_to_child, int *pipefd_from_child,
+-                const char *binary, int debug_fd)
++                const char *binary, const char *logfile)
+ {
+     exec_child_ex(mem_ctx, pipefd_to_child, pipefd_from_child,
+-                  binary, debug_fd, NULL, false,
++                  binary, logfile, NULL, false,
+                   STDIN_FILENO, STDOUT_FILENO);
+ }
+ 
+@@ -803,7 +816,7 @@ int child_io_destructor(void *ptr)
+     return EOK;
+ }
+ 
+-errno_t child_debug_init(const char *logfile, int *debug_fd)
++static errno_t child_debug_init(const char *logfile, int *debug_fd)
+ {
+     int ret;
+     FILE *debug_filep;
+diff --git a/src/util/child_common.h b/src/util/child_common.h
+index 37116e2a7..92d66a500 100644
+--- a/src/util/child_common.h
++++ b/src/util/child_common.h
+@@ -106,7 +106,7 @@ void fd_nonblocking(int fd);
+ /* Never returns EOK, ether returns an error, or doesn't return on success */
+ void exec_child_ex(TALLOC_CTX *mem_ctx,
+                    int *pipefd_to_child, int *pipefd_from_child,
+-                   const char *binary, int debug_fd,
++                   const char *binary, const char *logfile,
+                    const char *extra_argv[], bool extra_args_only,
+                    int child_in_fd, int child_out_fd);
+ 
+@@ -115,10 +115,8 @@ void exec_child_ex(TALLOC_CTX *mem_ctx,
+  */
+ void exec_child(TALLOC_CTX *mem_ctx,
+                 int *pipefd_to_child, int *pipefd_from_child,
+-                const char *binary, int debug_fd);
++                const char *binary, const char *logfile);
+ 
+ int child_io_destructor(void *ptr);
+ 
+-errno_t child_debug_init(const char *logfile, int *debug_fd);
+-
+ #endif /* __CHILD_COMMON_H__ */
+-- 
+2.21.3
+
diff --git a/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch b/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch
deleted file mode 100644
index 55e38db..0000000
--- a/SOURCES/0004-util-watchdog-fixed-watchdog-implementation.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 2c13d8bd00f1e8ff30e9fc81f183f6450303ac30 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Wed, 11 Dec 2019 18:42:49 +0100
-Subject: [PATCH] util/watchdog: fixed watchdog implementation
-
-In case watchdog detected locked process and this process was parent
-process it just sent SIGTERM to the whole group of processes, including
-itself.
-This handling was wrong: generic `server_setup()` installs custom
-libtevent handler for SIGTERM signal so this signal is only processed
-in the context of tevent mainloop. But if tevent mainloop is stuck
-(exactly the case that triggers WD) then event is not processed
-and this made watchdog useless.
-`watchdog_handler()` and `watchdog_detect_timeshift()` were amended to do
-unconditional `_exit()` after optionally sending a signal to the group.
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4089
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/util/util_watchdog.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/util/util_watchdog.c b/src/util/util_watchdog.c
-index a07275b19..38c248271 100644
---- a/src/util/util_watchdog.c
-+++ b/src/util/util_watchdog.c
-@@ -54,9 +54,8 @@ static void watchdog_detect_timeshift(void)
-         if (write(watchdog_ctx.pipefd[1], "1", 1) != 1) {
-             if (getpid() == getpgrp()) {
-                 kill(-getpgrp(), SIGTERM);
--            } else {
--                _exit(1);
-             }
-+            _exit(1);
-         }
-     }
- }
-@@ -75,9 +74,8 @@ static void watchdog_handler(int sig)
-     if (__sync_add_and_fetch(&watchdog_ctx.ticks, 1) > WATCHDOG_MAX_TICKS) {
-         if (getpid() == getpgrp()) {
-             kill(-getpgrp(), SIGTERM);
--        } else {
--            _exit(1);
-         }
-+        _exit(1);
-     }
- }
- 
--- 
-2.20.1
-
diff --git a/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch b/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
new file mode 100644
index 0000000..f1dc851
--- /dev/null
+++ b/SOURCES/0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
@@ -0,0 +1,64 @@
+From e58853f9ce63fae0c8b219b79be65c760a2f3e7e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 5 Jun 2020 13:57:59 +0200
+Subject: [PATCH] DEBUG: use new exec_child(_ex) interface in tests
+
+Resolves: https://github.com/SSSD/sssd/issues/4667
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/tests/cmocka/test_child_common.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/tests/cmocka/test_child_common.c b/src/tests/cmocka/test_child_common.c
+index 5cf460b50..87cae3405 100644
+--- a/src/tests/cmocka/test_child_common.c
++++ b/src/tests/cmocka/test_child_common.c
+@@ -97,7 +97,7 @@ void test_exec_child(void **state)
+         exec_child(child_tctx,
+                    child_tctx->pipefd_to_child,
+                    child_tctx->pipefd_from_child,
+-                   CHILD_DIR"/"TEST_BIN, 2);
++                   CHILD_DIR"/"TEST_BIN, NULL);
+     } else {
+             do {
+                 errno = 0;
+@@ -168,7 +168,7 @@ static void extra_args_test(struct child_test_ctx *child_tctx,
+         exec_child_ex(child_tctx,
+                       child_tctx->pipefd_to_child,
+                       child_tctx->pipefd_from_child,
+-                      CHILD_DIR"/"TEST_BIN, 2, extra_args,
++                      CHILD_DIR"/"TEST_BIN, NULL, extra_args,
+                       extra_args_only,
+                       STDIN_FILENO, STDOUT_FILENO);
+     } else {
+@@ -291,7 +291,7 @@ void test_exec_child_handler(void **state)
+         exec_child(child_tctx,
+                    child_tctx->pipefd_to_child,
+                    child_tctx->pipefd_from_child,
+-                   CHILD_DIR"/"TEST_BIN, 2);
++                   CHILD_DIR"/"TEST_BIN, NULL);
+     }
+ 
+     ret = child_handler_setup(child_tctx->test_ctx->ev, child_pid,
+@@ -341,7 +341,7 @@ void test_exec_child_echo(void **state)
+         exec_child_ex(child_tctx,
+                       child_tctx->pipefd_to_child,
+                       child_tctx->pipefd_from_child,
+-                      CHILD_DIR"/"TEST_BIN, 2, NULL, false,
++                      CHILD_DIR"/"TEST_BIN, NULL, NULL, false,
+                       STDIN_FILENO, 3);
+     }
+ 
+@@ -474,7 +474,7 @@ void test_sss_child(void **state)
+         exec_child(child_tctx,
+                    child_tctx->pipefd_to_child,
+                    child_tctx->pipefd_from_child,
+-                   CHILD_DIR"/"TEST_BIN, 2);
++                   CHILD_DIR"/"TEST_BIN, NULL);
+     }
+ 
+     ret = sss_child_register(child_tctx, sc_ctx,
+-- 
+2.21.3
+
diff --git a/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch b/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch
deleted file mode 100644
index 3f7e620..0000000
--- a/SOURCES/0005-providers-krb5-got-rid-of-unused-code.patch
+++ /dev/null
@@ -1,56 +0,0 @@
-From 1d4a7ffdcf8b303a40058db49d5e1be4bfb8271a Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Mon, 9 Dec 2019 17:20:28 +0100
-Subject: [PATCH 5/7] providers/krb5: got rid of unused code
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/providers/krb5/krb5_common.c | 10 ----------
- src/providers/krb5/krb5_common.h |  7 -------
- 2 files changed, 17 deletions(-)
-
-diff --git a/src/providers/krb5/krb5_common.c b/src/providers/krb5/krb5_common.c
-index bfda561c1..5c11c347b 100644
---- a/src/providers/krb5/krb5_common.c
-+++ b/src/providers/krb5/krb5_common.c
-@@ -1133,16 +1133,6 @@ void remove_krb5_info_files_callback(void *pvt)
-     talloc_free(ctx);
- }
- 
--void krb5_finalize(struct tevent_context *ev,
--                   struct tevent_signal *se,
--                   int signum,
--                   int count,
--                   void *siginfo,
--                   void *private_data)
--{
--    orderly_shutdown(0);
--}
--
- errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
-                             struct sss_domain_info *dom, const char *username,
-                             const char *user_dom, char **_upn)
-diff --git a/src/providers/krb5/krb5_common.h b/src/providers/krb5/krb5_common.h
-index cc9313115..493d12e5f 100644
---- a/src/providers/krb5/krb5_common.h
-+++ b/src/providers/krb5/krb5_common.h
-@@ -196,13 +196,6 @@ int krb5_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
- 
- void remove_krb5_info_files_callback(void *pvt);
- 
--void krb5_finalize(struct tevent_context *ev,
--                   struct tevent_signal *se,
--                   int signum,
--                   int count,
--                   void *siginfo,
--                   void *private_data);
--
- errno_t remove_krb5_info_files(TALLOC_CTX *mem_ctx, const char *realm);
- 
- errno_t krb5_get_simple_upn(TALLOC_CTX *mem_ctx, struct krb5_ctx *krb5_ctx,
--- 
-2.20.1
-
diff --git a/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch b/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
new file mode 100644
index 0000000..fb1911d
--- /dev/null
+++ b/SOURCES/0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
@@ -0,0 +1,60 @@
+From 88e92967a7b4e3e4501b17f21812467effa331c7 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Tue, 16 Jun 2020 13:51:28 +0200
+Subject: [PATCH] NEGCACHE: skip permanent entries in [users/groups] reset
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Files provider calling `sss_ncache_reset_[users/groups]()`
+during cache rebuilding was breaking neg-cache prepopulation.
+
+Resolves: https://github.com/SSSD/sssd/issues/1024
+
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ src/responder/common/negcache.c | 9 +++++++++
+ src/responder/common/negcache.h | 1 +
+ 2 files changed, 10 insertions(+)
+
+diff --git a/src/responder/common/negcache.c b/src/responder/common/negcache.c
+index d9545aef6..ce1c0ab8c 100644
+--- a/src/responder/common/negcache.c
++++ b/src/responder/common/negcache.c
+@@ -900,12 +900,21 @@ static int delete_prefix(struct tdb_context *tdb,
+                          TDB_DATA key, TDB_DATA data, void *state)
+ {
+     const char *prefix = (const char *) state;
++    unsigned long long int timestamp;
++    char *ep = NULL;
+ 
+     if (strncmp((char *)key.dptr, prefix, strlen(prefix) - 1) != 0) {
+         /* not interested in this key */
+         return 0;
+     }
+ 
++    errno = 0;
++    timestamp = strtoull((const char *)data.dptr, &ep, 10);
++    if ((errno == 0) && (*ep == '\0') && (timestamp == 0)) {
++        /* skip permanent entries */
++        return 0;
++    }
++
+     return tdb_delete(tdb, key);
+ }
+ 
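Review bot: The permanent-entry test in delete_prefix() accepts an empty value as timestamp 0, because strtoull() then returns 0 with `ep` still at the start and `*ep == '\0'`, so such a record would be skipped by every reset. Requiring at least one digit closes that: `if ((errno == 0) && (ep != (char *)data.dptr) && (*ep == '\0') && (timestamp == 0)) {`. The parse also relies on `data.dptr` being NUL-terminated within `data.dsize`. The code that stores the records is not in this hunk, so that should be confirmed, or checked here before calling strtoull().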
+diff --git a/src/responder/common/negcache.h b/src/responder/common/negcache.h
+index a80412215..4dcfb5e8f 100644
+--- a/src/responder/common/negcache.h
++++ b/src/responder/common/negcache.h
+@@ -146,6 +146,7 @@ int sss_ncache_set_locate_uid(struct sss_nc_ctx *ctx,
+                               uid_t uid);
+ 
+ int sss_ncache_reset_permanent(struct sss_nc_ctx *ctx);
++/* sss_ncache_reset_[users/groups] skips permanent entries */
+ int sss_ncache_reset_users(struct sss_nc_ctx *ctx);
+ int sss_ncache_reset_groups(struct sss_nc_ctx *ctx);
+ 
+-- 
+2.21.3
+
diff --git a/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch b/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch
deleted file mode 100644
index a8205b7..0000000
--- a/SOURCES/0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-From e41e9b37e4d3fcd8544fb6c591dafbaef0954438 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Mon, 9 Dec 2019 17:48:14 +0100
-Subject: [PATCH 6/7] data_provider_be: got rid of duplicating SIGTERM handler
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-It was wrong to install two libtevent SIGTERM handlers both of which did
-orderly_shutdown()->exit(). Naturally only one of the handlers was executed
-(as process was terminated with exit()) and libtevent docs doesn't say
-anything about order of execution. But chances are, be_process_finalize()
-was executed first so default_quit() was not executed and main_ctx was not
-freed.
-
-Moreover there is just no reason to have separate be_process_finalize()
-at all: default server handler default_quit() frees main_ctx. And be_ctx
-is linked to main_ctx so will be freed by default handler as well.
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4088
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/providers/data_provider_be.c | 37 --------------------------------
- 1 file changed, 37 deletions(-)
-
-diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
-index cfcf0268d..ce00231ff 100644
---- a/src/providers/data_provider_be.c
-+++ b/src/providers/data_provider_be.c
-@@ -445,36 +445,6 @@ be_register_monitor_iface(struct sbus_connection *conn, struct be_ctx *be_ctx)
-     return sbus_connection_add_path_map(be_ctx->mon_conn, paths);
- }
- 
--static void be_process_finalize(struct tevent_context *ev,
--                                struct tevent_signal *se,
--                                int signum,
--                                int count,
--                                void *siginfo,
--                                void *private_data)
--{
--    struct be_ctx *be_ctx;
--
--    be_ctx = talloc_get_type(private_data, struct be_ctx);
--    talloc_free(be_ctx);
--    orderly_shutdown(0);
--}
--
--static errno_t be_process_install_sigterm_handler(struct be_ctx *be_ctx)
--{
--    struct tevent_signal *sige;
--
--    BlockSignals(false, SIGTERM);
--
--    sige = tevent_add_signal(be_ctx->ev, be_ctx, SIGTERM, SA_SIGINFO,
--                             be_process_finalize, be_ctx);
--    if (sige == NULL) {
--        DEBUG(SSSDBG_CRIT_FAILURE, "tevent_add_signal failed.\n");
--        return ENOMEM;
--    }
--
--    return EOK;
--}
--
- static void dp_initialized(struct tevent_req *req);
- 
- errno_t be_process_init(TALLOC_CTX *mem_ctx,
-@@ -566,13 +536,6 @@ errno_t be_process_init(TALLOC_CTX *mem_ctx,
-         goto done;
-     }
- 
--    /* Install signal handler */
--    ret = be_process_install_sigterm_handler(be_ctx);
--    if (ret != EOK) {
--        DEBUG(SSSDBG_CRIT_FAILURE, "be_install_sigterm_handler failed.\n");
--        goto done;
--    }
--
-     req = dp_init_send(be_ctx, be_ctx->ev, be_ctx, be_ctx->uid, be_ctx->gid);
-     if (req == NULL) {
-         ret = ENOMEM;
--- 
-2.20.1
-
diff --git a/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch b/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch
new file mode 100644
index 0000000..442552a
--- /dev/null
+++ b/SOURCES/0007-util-inotify-fixed-CLANG_WARNING.patch
@@ -0,0 +1,46 @@
+From 144e78dfebc0fd01feb6c11a37f81d01146cf33a Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 12 Jun 2020 19:10:33 +0200
+Subject: [PATCH] util/inotify: fixed CLANG_WARNING
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fixed following warning:
+```
+sssd-2.3.1/src/util/inotify.c:346:17: warning: Value stored to 'ret' is never read
+ #                ret = EOK;
+ #                ^     ~~~
+```
+
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ src/util/inotify.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/inotify.c b/src/util/inotify.c
+index ffc15ad4d..cf3e3d84d 100644
+--- a/src/util/inotify.c
++++ b/src/util/inotify.c
+@@ -319,7 +319,9 @@ static void snotify_internal_cb(struct tevent_context *ev,
+ 
+             in_event = (const struct inotify_event *) ptr;
+ 
+-            //debug_flags(in_event->mask, in_event->name);
++#if 0
++            debug_flags(in_event->mask, in_event->name);
++#endif
+ 
+             if (snctx->wctx->dir_wd == in_event->wd) {
+                 ret = process_dir_event(snctx, in_event);
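Review bot: Wrapping the `debug_flags()` call in `#if 0` keeps code that no build ever compiles, so it can silently stop matching `struct inotify_event` or the helper's signature. Either delete the call, or guard it with a named compile-time debug switch so it can be built and checked when needed. The helper's definition is not visible in this hunk, so check whether it is compiled out the same way. snotify_internal_cb() starts and ends outside the hunk.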
+@@ -343,7 +345,6 @@ static void snotify_internal_cb(struct tevent_context *ev,
+             } else {
+                 DEBUG(SSSDBG_MINOR_FAILURE,
+                       "Unknown watch %d\n", in_event->wd);
+-                ret = EOK;
+             }
+         }
+     }
+-- 
+2.21.3
+
diff --git a/SOURCES/0007-util-server-improved-debug-at-shutdown.patch b/SOURCES/0007-util-server-improved-debug-at-shutdown.patch
deleted file mode 100644
index 727d7cc..0000000
--- a/SOURCES/0007-util-server-improved-debug-at-shutdown.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 3f52de891cba55230730602d41c3811cf1b17d96 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Mon, 9 Dec 2019 18:26:56 +0100
-Subject: [PATCH 7/7] util/server: improved debug at shutdown
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Relates: https://pagure.io/SSSD/sssd/issue/4088
-
-Reviewed-by: Michal Židek <mzidek@redhat.com>
----
- src/util/server.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/server.c b/src/util/server.c
-index ee57ac128..33524066e 100644
---- a/src/util/server.c
-+++ b/src/util/server.c
-@@ -242,7 +242,8 @@ void orderly_shutdown(int status)
-         kill(-getpgrp(), SIGTERM);
-     }
- #endif
--    if (status == 0) sss_log(SSS_LOG_INFO, "Shutting down");
-+    DEBUG(SSSDBG_IMPORTANT_INFO, "Shutting down (status = %d)", status);
-+    sss_log(SSS_LOG_INFO, "Shutting down (status = %d)", status);
-     exit(status);
- }
- 
--- 
-2.20.1
-
diff --git a/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch b/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
new file mode 100644
index 0000000..6ff905e
--- /dev/null
+++ b/SOURCES/0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
@@ -0,0 +1,97 @@
+From 0c5711f9bae1cb46d4cd3fbe5d86d8688087be13 Mon Sep 17 00:00:00 2001
+From: Alexey Tikhonov <atikhono@redhat.com>
+Date: Fri, 12 Jun 2020 20:45:23 +0200
+Subject: [PATCH] util/inotify: fixed bug in inotify event processing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Error was spotted with the help of the following warning:
+```
+Error: CLANG_WARNING:
+sssd-2.3.1/src/util/inotify.c:327:21: warning: Value stored to 'rewatch' is never read
+ #                    rewatch = true;
+ #                    ^         ~~~~
+```
+
+First part of the issue was that EAGAIN returned by the process_dir_event()
+didn't trigger snotify_rewatch() (as suggested by the comments).
+Fixing this part is already enough to resolve issue #1031 (as it was
+reported).
+
+Another part of the issue was that process_file_event() return code wasn't
+checked against EAGAIN (again, as suggested by the DEBUG message).
+Strictly speaking, I'm not sure if this part is really required or
+if processing DIR events would cover all cases, but rebuilding watches
+on IN_IGNORED won't hurt.
+
+Resolves: https://github.com/SSSD/sssd/issues/1031
+
+Reviewed-by: Tomáš Halman <thalman@redhat.com>
+---
+ src/util/inotify.c | 30 +++++++++++++-----------------
+ 1 file changed, 13 insertions(+), 17 deletions(-)
+
+diff --git a/src/util/inotify.c b/src/util/inotify.c
+index cf3e3d84d..a3c33eddb 100644
+--- a/src/util/inotify.c
++++ b/src/util/inotify.c
+@@ -286,7 +286,7 @@ static void snotify_internal_cb(struct tevent_context *ev,
+     struct snotify_ctx *snctx;
+     ssize_t len;
+     errno_t ret;
+-    bool rewatch;
++    bool rewatch = false;
+ 
+     snctx = talloc_get_type(data, struct snotify_ctx);
+     if (snctx == NULL) {
+@@ -305,7 +305,7 @@ static void snotify_internal_cb(struct tevent_context *ev,
+             } else {
+                 DEBUG(SSSDBG_TRACE_INTERNAL, "All inotify events processed\n");
+             }
+-            return;
++            break;
+         }
+ 
+         if ((size_t) len < sizeof(struct inotify_event)) {
+@@ -325,26 +325,22 @@ static void snotify_internal_cb(struct tevent_context *ev,
+ 
+             if (snctx->wctx->dir_wd == in_event->wd) {
+                 ret = process_dir_event(snctx, in_event);
+-                if (ret == EAGAIN) {
+-                    rewatch = true;
+-                    /* Continue with the loop and read all the events from
+-                     * this descriptor first, then rewatch when done
+-                     */
+-                } else if (ret != EOK) {
+-                    DEBUG(SSSDBG_MINOR_FAILURE,
+-                        "Failed to process inotify event\n");
+-                    continue;
+-                }
+             } else if (snctx->wctx->file_wd == in_event->wd) {
+                 ret = process_file_event(snctx, in_event);
+-                if (ret != EOK) {
+-                    DEBUG(SSSDBG_MINOR_FAILURE,
+-                        "Failed to process inotify event\n");
+-                    continue;
+-                }
+             } else {
+                 DEBUG(SSSDBG_MINOR_FAILURE,
+                       "Unknown watch %d\n", in_event->wd);
++                ret = EOK;
++            }
++
++            if (ret == EAGAIN) {
++                rewatch = true;
++                /* Continue with the loop and read all the events from
++                 * this descriptor first, then rewatch when done
++                 */
++            } else if (ret != EOK) {
++                DEBUG(SSSDBG_MINOR_FAILURE,
++                      "Failed to process inotify event\n");
+             }
+         }
+     }
+-- 
+2.21.3
+
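Review bot: The merged failure branch in snotify_internal_cb logs `"Failed to process inotify event\n"` for both process_dir_event() and process_file_event() without the return code or the watch descriptor, so a handler failure cannot be attributed from the log. I would change it to `DEBUG(SSSDBG_MINOR_FAILURE, "Failed to process inotify event on watch %d [%d]: %s\n", in_event->wd, ret, sss_strerror(ret));`. The function starts and ends outside the patch's hunks, so the code that consumes `rewatch` after the loop is not visible. Since `return` became `break` only on the read-error path, it is worth confirming that the short-read check (`(size_t) len < sizeof(struct inotify_event)`) does not still return early and skip a pending rewatch.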
diff --git a/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch b/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch
deleted file mode 100644
index 4370350..0000000
--- a/SOURCES/0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 26e33b1984cce3549df170f58f8221201ad54cfd Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 7 Jan 2020 16:29:05 +0100
-Subject: [PATCH] util/sss_ptr_hash: fixed double free in
- sss_ptr_hash_delete_cb()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Calling data->callback(value->ptr) in sss_ptr_hash_delete_cb() could lead
-to freeing of value->ptr and thus to destruction of value->spy that is
-attached to value->ptr.
-In turn sss_ptr_hash_spy_destructor() calls sss_ptr_hash_delete() ->
-hash_delete() -> sss_ptr_hash_delete_cb() again and in this recursive
-execution hash entry was actually deleted and value was freed.
-When stack was unwound back to "first" sss_ptr_hash_delete_cb() it tried
-to free value again => double free.
-
-To prevent this bug value and hence spy are now freed before execution of
-data->callback(value->ptr).
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4135
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index c7403ffa6..8f9762cb9 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -154,13 +154,13 @@ sss_ptr_hash_delete_cb(hash_entry_t *item,
-     callback_entry.value.type = HASH_VALUE_PTR;
-     callback_entry.value.ptr = value->ptr;
- 
-+    /* Free value, this also will disable spy */
-+    talloc_free(value);
-+
-     /* Switch to the input value and call custom callback. */
-     if (data->callback != NULL) {
-         data->callback(&callback_entry, deltype, data->pvt);
-     }
--
--    /* Free value. */
--    talloc_free(value);
- }
- 
- hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
--- 
-2.20.1
-
diff --git a/SOURCES/0009-Replaced-enter-with-insert.patch b/SOURCES/0009-Replaced-enter-with-insert.patch
new file mode 100644
index 0000000..400d261
--- /dev/null
+++ b/SOURCES/0009-Replaced-enter-with-insert.patch
@@ -0,0 +1,46 @@
+From 02fbf47a85228c131f1b0575da091a01da700189 Mon Sep 17 00:00:00 2001
+From: vinay mishra <vmishra@redhat.com>
+Date: Mon, 18 May 2020 10:32:55 +0530
+Subject: [PATCH] Replaced 'enter' with 'insert'
+
+Resolves: https://github.com/SSSD/sssd/issues/5164
+
+Signed-off-by: vinay mishra <vmishra@redhat.com>
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/sss_client/pam_sss.c             | 4 ++--
+ src/tests/intg/test_pam_responder.py | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
+index d4f0a8917..69b440774 100644
+--- a/src/sss_client/pam_sss.c
++++ b/src/sss_client/pam_sss.c
+@@ -2422,8 +2422,8 @@ static int get_authtok_for_password_change(pam_handle_t *pamh,
+     return PAM_SUCCESS;
+ }
+ 
+-#define SC_ENTER_LABEL_FMT "Please enter smart card labeled\n %s"
+-#define SC_ENTER_FMT "Please enter smart card"
++#define SC_ENTER_LABEL_FMT "Please insert smart card labeled\n %s"
++#define SC_ENTER_FMT "Please insert smart card"
+ 
+ static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
+                                   int retries, bool quiet_mode)
+diff --git a/src/tests/intg/test_pam_responder.py b/src/tests/intg/test_pam_responder.py
+index 9b5e650ca..7a2458339 100644
+--- a/src/tests/intg/test_pam_responder.py
++++ b/src/tests/intg/test_pam_responder.py
+@@ -512,7 +512,7 @@ def test_require_sc_auth_no_cert(simple_pam_cert_auth_no_cert, env_for_sssctl):
+     assert end_time > start_time and \
+         (end_time - start_time) >= 20 and \
+         (end_time - start_time) < 40
+-    assert out.find("Please enter smart card\nPlease enter smart card") != -1
++    assert out.find("Please insert smart card\nPlease insert smart card") != -1
+     assert err.find("pam_authenticate for user [user1]: Authentication " +
+                     "service cannot retrieve authentication info") != -1
+ 
+-- 
+2.21.3
+
diff --git a/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch b/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch
deleted file mode 100644
index 212ff00..0000000
--- a/SOURCES/0009-sdap-Add-randomness-to-ldap-connection-timeout.patch
+++ /dev/null
@@ -1,195 +0,0 @@
-From bd201746f8cf0e95615b3e98868555451b5e66b8 Mon Sep 17 00:00:00 2001
-From: Tomas Halman <thalman@redhat.com>
-Date: Mon, 2 Dec 2019 11:11:52 +0100
-Subject: [PATCH] sdap: Add randomness to ldap connection timeout
-
-In case of mass deployment, mass registration of IPA clients roughly on
-the same time leads to regular CPU load spikes on IPA servers, the load
-spikes are caused by all/most clients refreshing their LDAP connections
-(ldap_connection_expire_timeout) every 15 minutes.
-
-This patch introduces new random value (from 0 up to
-ldap_connection_expire_offset) that is added to the timeout.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/3630
-
-Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
----
- src/config/cfg_rules.ini                   |  1 +
- src/config/etc/sssd.api.d/sssd-ad.conf     |  1 +
- src/config/etc/sssd.api.d/sssd-ipa.conf    |  1 +
- src/config/etc/sssd.api.d/sssd-ldap.conf   |  1 +
- src/man/sssd-ldap.5.xml                    | 19 +++++++++++++++++++
- src/providers/ad/ad_opts.c                 |  1 +
- src/providers/ipa/ipa_opts.c               |  1 +
- src/providers/ldap/ldap_opts.c             |  1 +
- src/providers/ldap/sdap.h                  |  1 +
- src/providers/ldap/sdap_async_connection.c | 12 ++++++++++++
- 10 files changed, 39 insertions(+)
-
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index 8c73c89ac..c56d5a668 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -600,6 +600,7 @@ option = ldap_chpass_dns_service_name
- option = ldap_chpass_update_last_change
- option = ldap_chpass_uri
- option = ldap_connection_expire_timeout
-+option = ldap_connection_expire_offset
- option = ldap_default_authtok
- option = ldap_default_authtok_type
- option = ldap_default_bind_dn
-diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
-index 80e329b3b..aaa0b2345 100644
---- a/src/config/etc/sssd.api.d/sssd-ad.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
-@@ -58,6 +58,7 @@ ldap_deref = str, None, false
- ldap_page_size = int, None, false
- ldap_deref_threshold = int, None, false
- ldap_connection_expire_timeout = int, None, false
-+ldap_connection_expire_offset = int, None, false
- ldap_disable_paging = bool, None, false
- krb5_confd_path = str, None, false
- wildcard_limit = int, None, false
-diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
-index e2d46db75..7ed153d36 100644
---- a/src/config/etc/sssd.api.d/sssd-ipa.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
-@@ -52,6 +52,7 @@ ldap_deref = str, None, false
- ldap_page_size = int, None, false
- ldap_deref_threshold = int, None, false
- ldap_connection_expire_timeout = int, None, false
-+ldap_connection_expire_offset = int, None, false
- ldap_disable_paging = bool, None, false
- krb5_confd_path = str, None, false
- wildcard_limit = int, None, false
-diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
-index 01c1d7f12..4f73e901e 100644
---- a/src/config/etc/sssd.api.d/sssd-ldap.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
-@@ -36,6 +36,7 @@ ldap_deref_threshold = int, None, false
- ldap_sasl_canonicalize = bool, None, false
- ldap_sasl_minssf = int, None, false
- ldap_connection_expire_timeout = int, None, false
-+ldap_connection_expire_offset = int, None, false
- ldap_disable_paging = bool, None, false
- ldap_disable_range_retrieval = bool, None, false
- wildcard_limit = int, None, false
-diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
-index 6d1ae23ec..f8bb973c7 100644
---- a/src/man/sssd-ldap.5.xml
-+++ b/src/man/sssd-ldap.5.xml
-@@ -509,12 +509,31 @@
-                             the two values (this value vs. the TGT lifetime)
-                             will be used.
-                         </para>
-+                        <para>
-+                            This timeout can be extended of a random
-+                            value specified by
-+                            <emphasis>ldap_connection_expire_offset</emphasis>
-+                        </para>
-                         <para>
-                             Default: 900 (15 minutes)
-                         </para>
-                     </listitem>
-                 </varlistentry>
- 
-+                <varlistentry>
-+                    <term>ldap_connection_expire_offset (integer)</term>
-+                    <listitem>
-+                        <para>
-+                            Random offset between 0 and configured value
-+                            is added to
-+                            <emphasis>ldap_connection_expire_timeout</emphasis>.
-+                        </para>
-+                        <para>
-+                            Default: 0
-+                        </para>
-+                    </listitem>
-+                </varlistentry>
-+
-                 <varlistentry>
-                     <term>ldap_page_size (integer)</term>
-                     <listitem>
-diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
-index cd568e466..1293219ee 100644
---- a/src/providers/ad/ad_opts.c
-+++ b/src/providers/ad/ad_opts.c
-@@ -137,6 +137,7 @@ struct dp_option ad_def_ldap_opts[] = {
-     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
-     { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-     { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
-+    { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
-     { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-     { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
-     { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
-diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
-index 7974cb8ea..4fafa073d 100644
---- a/src/providers/ipa/ipa_opts.c
-+++ b/src/providers/ipa/ipa_opts.c
-@@ -147,6 +147,7 @@ struct dp_option ipa_def_ldap_opts[] = {
-     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
-     { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-     { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
-+    { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
-     { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-     { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
-     { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
-diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c
-index a20ec0d86..ffd0c6baa 100644
---- a/src/providers/ldap/ldap_opts.c
-+++ b/src/providers/ldap/ldap_opts.c
-@@ -107,6 +107,7 @@ struct dp_option default_basic_opts[] = {
-     { "ldap_deref_threshold", DP_OPT_NUMBER, { .number = 10 }, NULL_NUMBER },
-     { "ldap_sasl_canonicalize", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-     { "ldap_connection_expire_timeout", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER },
-+    { "ldap_connection_expire_offset", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
-     { "ldap_disable_paging", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-     { "ldap_idmap_range_min", DP_OPT_NUMBER, { .number = 200000 }, NULL_NUMBER },
-     { "ldap_idmap_range_max", DP_OPT_NUMBER, { .number = 2000200000LL }, NULL_NUMBER },
-diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
-index d0a19a660..f27b3c480 100644
---- a/src/providers/ldap/sdap.h
-+++ b/src/providers/ldap/sdap.h
-@@ -221,6 +221,7 @@ enum sdap_basic_opt {
-     SDAP_DEREF_THRESHOLD,
-     SDAP_SASL_CANONICALIZE,
-     SDAP_EXPIRE_TIMEOUT,
-+    SDAP_EXPIRE_OFFSET,
-     SDAP_DISABLE_PAGING,
-     SDAP_IDMAP_LOWER,
-     SDAP_IDMAP_UPPER,
-diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
-index 0260cba6f..7438d14a7 100644
---- a/src/providers/ldap/sdap_async_connection.c
-+++ b/src/providers/ldap/sdap_async_connection.c
-@@ -1803,6 +1803,8 @@ static void sdap_cli_auth_step(struct tevent_req *req)
-     struct tevent_req *subreq;
-     time_t now;
-     int expire_timeout;
-+    int expire_offset;
-+
-     const char *sasl_mech = dp_opt_get_string(state->opts->basic,
-                                               SDAP_SASL_MECH);
-     const char *user_dn = dp_opt_get_string(state->opts->basic,
-@@ -1832,6 +1834,16 @@ static void sdap_cli_auth_step(struct tevent_req *req)
-      */
-     now = time(NULL);
-     expire_timeout = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_TIMEOUT);
-+    expire_offset = dp_opt_get_int(state->opts->basic, SDAP_EXPIRE_OFFSET);
-+    if (expire_offset > 0) {
-+        expire_timeout += sss_rand() % (expire_offset + 1);
-+    } else if (expire_offset < 0) {
-+        DEBUG(SSSDBG_MINOR_FAILURE,
-+              "Negative value [%d] of ldap_connection_expire_offset "
-+              "is not allowed.\n",
-+              expire_offset);
-+    }
-+
-     DEBUG(SSSDBG_CONF_SETTINGS, "expire timeout is %d\n", expire_timeout);
-     if (!state->sh->expire_time
-             || (state->sh->expire_time > (now + expire_timeout))) {
--- 
-2.20.1
-
diff --git a/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch b/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
new file mode 100644
index 0000000..31c91ee
--- /dev/null
+++ b/SOURCES/0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
@@ -0,0 +1,166 @@
+From aac4dbb17f3e19a2fbeefb38b3319827d3bf820e Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 13 May 2020 13:13:43 +0200
+Subject: [PATCH] NSS client: preserve errno during _nss_sss_end* calls
+
+glibc does not expect that errno is changed by some of the calls
+provided by nss modules. This caused at least issues when
+_nss_sss_endpwent() is called in compat mode. According to
+https://pubs.opengroup.org/onlinepubs/9699919799/functions/endpwent.html
+endpwent() should only set errno in the case of an error. Since there is
+no other way to report an error we will set errno in the case of an
+error but preserve it otherwise. This should cause no issues because
+glibc is taking precautions as well tracked by
+https://sourceware.org/bugzilla/show_bug.cgi?id=25976.
+
+To be on the safe side the other _nss_sss_end* calls will show the same
+behavior.
+
+Resolves: https://github.com/SSSD/sssd/issues/5153
+
+Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
+---
+ src/sss_client/nss_group.c      | 3 +++
+ src/sss_client/nss_hosts.c      | 4 +++-
+ src/sss_client/nss_ipnetworks.c | 4 +++-
+ src/sss_client/nss_netgroup.c   | 3 +++
+ src/sss_client/nss_passwd.c     | 3 +++
+ src/sss_client/nss_services.c   | 3 +++
+ 6 files changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/src/sss_client/nss_group.c b/src/sss_client/nss_group.c
+index 5ab2bdf78..4a201bf09 100644
+--- a/src/sss_client/nss_group.c
++++ b/src/sss_client/nss_group.c
+@@ -735,6 +735,7 @@ enum nss_status _nss_sss_endgrent(void)
+ {
+     enum nss_status nret;
+     int errnop;
++    int saved_errno = errno;
+ 
+     sss_nss_lock();
+ 
+@@ -745,6 +746,8 @@ enum nss_status _nss_sss_endgrent(void)
+                                 NULL, NULL, NULL, &errnop);
+     if (nret != NSS_STATUS_SUCCESS) {
+         errno = errnop;
++    } else {
++        errno = saved_errno;
+     }
+ 
+     sss_nss_unlock();
+diff --git a/src/sss_client/nss_hosts.c b/src/sss_client/nss_hosts.c
+index 5e279468b..aa2676286 100644
+--- a/src/sss_client/nss_hosts.c
++++ b/src/sss_client/nss_hosts.c
+@@ -565,6 +565,7 @@ _nss_sss_endhostent(void)
+ {
+     enum nss_status nret;
+     int errnop;
++    int saved_errno = errno;
+ 
+     sss_nss_lock();
+ 
+@@ -575,9 +576,10 @@ _nss_sss_endhostent(void)
+                                 NULL, NULL, NULL, &errnop);
+     if (nret != NSS_STATUS_SUCCESS) {
+         errno = errnop;
++    } else {
++        errno = saved_errno;
+     }
+ 
+     sss_nss_unlock();
+-
+     return nret;
+ }
+diff --git a/src/sss_client/nss_ipnetworks.c b/src/sss_client/nss_ipnetworks.c
+index 15fee6039..08070499d 100644
+--- a/src/sss_client/nss_ipnetworks.c
++++ b/src/sss_client/nss_ipnetworks.c
+@@ -510,6 +510,7 @@ _nss_sss_endnetent(void)
+ {
+     enum nss_status nret;
+     int errnop;
++    int saved_errno = errno;
+ 
+     sss_nss_lock();
+ 
+@@ -520,10 +521,11 @@ _nss_sss_endnetent(void)
+                                 NULL, NULL, NULL, &errnop);
+     if (nret != NSS_STATUS_SUCCESS) {
+         errno = errnop;
++    } else {
++        errno = saved_errno;
+     }
+ 
+     sss_nss_unlock();
+-
+     return nret;
+ }
+ 
+diff --git a/src/sss_client/nss_netgroup.c b/src/sss_client/nss_netgroup.c
+index 3a1834a31..2fc88f8ae 100644
+--- a/src/sss_client/nss_netgroup.c
++++ b/src/sss_client/nss_netgroup.c
+@@ -309,6 +309,7 @@ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
+ {
+     enum nss_status nret;
+     int errnop;
++    int saved_errno = errno;
+ 
+     sss_nss_lock();
+ 
+@@ -319,6 +320,8 @@ enum nss_status _nss_sss_endnetgrent(struct __netgrent *result)
+                                 NULL, NULL, NULL, &errnop);
+     if (nret != NSS_STATUS_SUCCESS) {
+         errno = errnop;
++    } else {
++        errno = saved_errno;
+     }
+ 
+     sss_nss_unlock();
+diff --git a/src/sss_client/nss_passwd.c b/src/sss_client/nss_passwd.c
+index 96368bd6e..c386dd370 100644
+--- a/src/sss_client/nss_passwd.c
++++ b/src/sss_client/nss_passwd.c
+@@ -455,6 +455,7 @@ enum nss_status _nss_sss_endpwent(void)
+ {
+     enum nss_status nret;
+     int errnop;
++    int saved_errno = errno;
+ 
+     sss_nss_lock();
+ 
+@@ -465,6 +466,8 @@ enum nss_status _nss_sss_endpwent(void)
+                                 NULL, NULL, NULL, &errnop);
+     if (nret != NSS_STATUS_SUCCESS) {
+         errno = errnop;
++    } else {
++        errno = saved_errno;
+     }
+ 
+     sss_nss_unlock();
+diff --git a/src/sss_client/nss_services.c b/src/sss_client/nss_services.c
+index 13cb4c3ab..f8c2092cb 100644
+--- a/src/sss_client/nss_services.c
++++ b/src/sss_client/nss_services.c
+@@ -484,6 +484,7 @@ _nss_sss_endservent(void)
+ {
+     enum nss_status nret;
+     int errnop;
++    int saved_errno = errno;
+ 
+     sss_nss_lock();
+ 
+@@ -494,6 +495,8 @@ _nss_sss_endservent(void)
+                                 NULL, NULL, NULL, &errnop);
+     if (nret != NSS_STATUS_SUCCESS) {
+         errno = errnop;
++    } else {
++        errno = saved_errno;
+     }
+ 
+     sss_nss_unlock();
+-- 
+2.21.3
+
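Review bot: In all six `_nss_sss_end*` functions errno is restored before `sss_nss_unlock()` runs, so the guarantee in the commit message holds only if the unlock path never touches errno, which these hunks do not show. Assigning after the unlock closes that gap: `sss_nss_unlock();` followed by `errno = (nret != NSS_STATUS_SUCCESS) ? errnop : saved_errno;`. A one-line comment above `int saved_errno = errno;`, such as `/* glibc expects errno to be unchanged on success */`, would also keep the reason next to the code. Each function body starts and ends outside its hunks.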
diff --git a/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch b/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
deleted file mode 100644
index 6cf80bd..0000000
--- a/SOURCES/0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
+++ /dev/null
@@ -1,55 +0,0 @@
-From 9beb736aac6aa21433a4541fb56e4fa7d7dbc462 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 26 Sep 2019 20:24:34 +0200
-Subject: [PATCH 10/13] ad: allow booleans for ad_inherit_opts_if_needed()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Currently ad_inherit_opts_if_needed() can only handle strings. With this
-patch it can handle boolean options as well.
-
-Related to https://pagure.io/SSSD/sssd/issue/4131
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_common.c | 23 ++++++++++++++++++++---
- 1 file changed, 20 insertions(+), 3 deletions(-)
-
-diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
-index 5540066d4..600e3ceb2 100644
---- a/src/providers/ad/ad_common.c
-+++ b/src/providers/ad/ad_common.c
-@@ -1479,9 +1479,26 @@ errno_t ad_inherit_opts_if_needed(struct dp_option *parent_opts,
-     const char *parent_val = NULL;
-     char *dummy = NULL;
-     char *option_list[2] = { NULL, NULL };
--
--    parent_val = dp_opt_get_cstring(parent_opts, opt_id);
--    if (parent_val != NULL) {
-+    bool is_default = true;
-+
-+    switch (parent_opts[opt_id].type) {
-+    case DP_OPT_STRING:
-+        parent_val = dp_opt_get_cstring(parent_opts, opt_id);
-+        break;
-+    case DP_OPT_BOOL:
-+        /* For booleans it is hard to say if the option is set or not since
-+         * both possible values are valid ones. So we check if the value is
-+         * different from the default and skip if it is the default. In this
-+         * case the sub-domain option would either be the default as well or
-+         * manully set and in both cases we do not have to change it. */
-+        is_default = (parent_opts[opt_id].val.boolean
-+                                == parent_opts[opt_id].def_val.boolean);
-+        break;
-+    default:
-+        DEBUG(SSSDBG_TRACE_FUNC, "Unsupported type, skipping.\n");
-+    }
-+
-+    if (parent_val != NULL || !is_default) {
-         ret = confdb_get_string(cdb, NULL, subdom_conf_path,
-                                 parent_opts[opt_id].opt_name, NULL, &dummy);
-         if (ret != EOK) {
--- 
-2.20.1
-
diff --git a/SOURCES/0011-ad-add-ad_use_ldaps.patch b/SOURCES/0011-ad-add-ad_use_ldaps.patch
deleted file mode 100644
index 4b23943..0000000
--- a/SOURCES/0011-ad-add-ad_use_ldaps.patch
+++ /dev/null
@@ -1,438 +0,0 @@
-From da0be382d95f0bdbc6ad5ccb68503456c2ee858b Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 26 Sep 2019 20:27:09 +0200
-Subject: [PATCH 11/13] ad: add ad_use_ldaps
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-With this new boolean option the AD provider should only use the LDAPS
-port 636 and the Global Catalog port 3629 which is TLS protected as
-well.
-
-Related to https://pagure.io/SSSD/sssd/issue/4131
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/config/SSSDConfig/__init__.py.in      |  1 +
- src/config/cfg_rules.ini                  |  1 +
- src/config/etc/sssd.api.d/sssd-ad.conf    |  1 +
- src/man/sssd-ad.5.xml                     | 20 +++++++++++++++++++
- src/providers/ad/ad_common.c              | 24 +++++++++++++++++++----
- src/providers/ad/ad_common.h              |  8 +++++++-
- src/providers/ad/ad_init.c                |  8 +++++++-
- src/providers/ad/ad_opts.c                |  1 +
- src/providers/ad/ad_srv.c                 | 16 ++++++++++++---
- src/providers/ad/ad_srv.h                 |  3 ++-
- src/providers/ad/ad_subdomains.c          | 21 ++++++++++++++++++--
- src/providers/ipa/ipa_subdomains_server.c |  4 ++--
- 12 files changed, 94 insertions(+), 14 deletions(-)
-
-diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
-index eba89b461..84631862a 100644
---- a/src/config/SSSDConfig/__init__.py.in
-+++ b/src/config/SSSDConfig/__init__.py.in
-@@ -252,6 +252,7 @@ option_strings = {
-     'ad_site' : _('a particular site to be used by the client'),
-     'ad_maximum_machine_account_password_age' : _('Maximum age in days before the machine account password should be renewed'),
-     'ad_machine_account_password_renewal_opts' : _('Option for tuning the machine account renewal task'),
-+    'ad_use_ldaps' : _('Use LDAPS port for LDAP and Global Catalog requests'),
- 
-     # [provider/krb5]
-     'krb5_kdcip' : _('Kerberos server address'),
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index c56d5a668..1034a1fd6 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -464,6 +464,7 @@ option = ad_machine_account_password_renewal_opts
- option = ad_maximum_machine_account_password_age
- option = ad_server
- option = ad_site
-+option = ad_use_ldaps
- 
- # IPA provider specific options
- option = ipa_anchor_uuid
-diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
-index aaa0b2345..a2af72603 100644
---- a/src/config/etc/sssd.api.d/sssd-ad.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
-@@ -20,6 +20,7 @@ ad_gpo_default_right = str, None, false
- ad_site = str, None, false
- ad_maximum_machine_account_password_age = int, None, false
- ad_machine_account_password_renewal_opts = str, None, false
-+ad_use_ldaps = bool, None, false
- ldap_uri = str, None, false
- ldap_backup_uri = str, None, false
- ldap_search_base = str, None, false
-diff --git a/src/man/sssd-ad.5.xml b/src/man/sssd-ad.5.xml
-index fdcb4e4b9..ade56cd6d 100644
---- a/src/man/sssd-ad.5.xml
-+++ b/src/man/sssd-ad.5.xml
-@@ -1015,6 +1015,26 @@ ad_gpo_map_deny = +my_pam_service
-                     </listitem>
-                 </varlistentry>
- 
-+                <varlistentry>
-+                   <term>ad_use_ldaps (bool)</term>
-+                    <listitem>
-+                        <para>
-+                            By default SSSD uses the plain LDAP port 389 and the
-+                            Global Catalog port 3628. If this option is set to
-+                            True SSSD will use the LDAPS port 636 and Global
-+                            Catalog port 3629 with LDAPS protection. Since AD
-+                            does not allow to have multiple encryption layers on
-+                            a single connection and we still want to use
-+                            SASL/GSSAPI or SASL/GSS-SPNEGO for authentication
-+                            the SASL security property maxssf is set to 0 (zero)
-+                            for those connections.
-+                        </para>
-+                        <para>
-+                            Default: False
-+                        </para>
-+                    </listitem>
-+                </varlistentry>
-+
-                 <varlistentry>
-                     <term>dyndns_update (boolean)</term>
-                     <listitem>
-diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
-index 600e3ceb2..a2369166a 100644
---- a/src/providers/ad/ad_common.c
-+++ b/src/providers/ad/ad_common.c
-@@ -729,6 +729,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
-                  const char *ad_gc_service,
-                  const char *ad_domain,
-                  bool use_kdcinfo,
-+                 bool ad_use_ldaps,
-                  size_t n_lookahead_primary,
-                  size_t n_lookahead_backup,
-                  struct ad_service **_service)
-@@ -746,6 +747,16 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
-         goto done;
-     }
- 
-+    if (ad_use_ldaps) {
-+        service->ldap_scheme = "ldaps";
-+        service->port = LDAPS_PORT;
-+        service->gc_port = AD_GC_LDAPS_PORT;
-+    } else {
-+        service->ldap_scheme = "ldap";
-+        service->port = LDAP_PORT;
-+        service->gc_port = AD_GC_PORT;
-+    }
-+
-     service->sdap = talloc_zero(service, struct sdap_service);
-     service->gc = talloc_zero(service, struct sdap_service);
-     if (!service->sdap || !service->gc) {
-@@ -927,7 +938,8 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
-         goto done;
-     }
- 
--    new_uri = talloc_asprintf(service->sdap, "ldap://%s", srv_name);
-+    new_uri = talloc_asprintf(service->sdap, "%s://%s", service->ldap_scheme,
-+                                                        srv_name);
-     if (!new_uri) {
-         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to copy URI\n");
-         ret = ENOMEM;
-@@ -935,7 +947,7 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
-     }
-     DEBUG(SSSDBG_CONF_SETTINGS, "Constructed uri '%s'\n", new_uri);
- 
--    sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
-+    sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, service->port);
-     if (sockaddr == NULL) {
-         DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n");
-         ret = EIO;
-@@ -951,8 +963,12 @@ ad_resolve_callback(void *private_data, struct fo_server *server)
-     talloc_zfree(service->gc->uri);
-     talloc_zfree(service->gc->sockaddr);
-     if (sdata && sdata->gc) {
--        new_port = fo_get_server_port(server);
--        new_port = (new_port == 0) ? AD_GC_PORT : new_port;
-+        if (service->gc_port == AD_GC_LDAPS_PORT) {
-+            new_port = service->gc_port;
-+        } else {
-+            new_port = fo_get_server_port(server);
-+            new_port = (new_port == 0) ? service->gc_port : new_port;
-+        }
- 
-         service->gc->uri = talloc_asprintf(service->gc, "%s:%d",
-                                            new_uri, new_port);
-diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
-index 75f11de2e..820e06124 100644
---- a/src/providers/ad/ad_common.h
-+++ b/src/providers/ad/ad_common.h
-@@ -29,7 +29,8 @@
- #define AD_SERVICE_NAME    "AD"
- #define AD_GC_SERVICE_NAME "AD_GC"
- /* The port the Global Catalog runs on */
--#define AD_GC_PORT      3268
-+#define AD_GC_PORT         3268
-+#define AD_GC_LDAPS_PORT   3269
- 
- #define AD_AT_OBJECT_SID "objectSID"
- #define AD_AT_DNS_DOMAIN "DnsDomain"
-@@ -67,6 +68,7 @@ enum ad_basic_opt {
-     AD_KRB5_CONFD_PATH,
-     AD_MAXIMUM_MACHINE_ACCOUNT_PASSWORD_AGE,
-     AD_MACHINE_ACCOUNT_PASSWORD_RENEWAL_OPTS,
-+    AD_USE_LDAPS,
- 
-     AD_OPTS_BASIC /* opts counter */
- };
-@@ -82,6 +84,9 @@ struct ad_service {
-     struct sdap_service *sdap;
-     struct sdap_service *gc;
-     struct krb5_service *krb5_service;
-+    const char *ldap_scheme;
-+    int port;
-+    int gc_port;
- };
- 
- struct ad_options {
-@@ -147,6 +152,7 @@ ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
-                  const char *ad_gc_service,
-                  const char *ad_domain,
-                  bool use_kdcinfo,
-+                 bool ad_use_ldaps,
-                  size_t n_lookahead_primary,
-                  size_t n_lookahead_backup,
-                  struct ad_service **_service);
-diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
-index 290d5b5c1..2b4b9e2e7 100644
---- a/src/providers/ad/ad_init.c
-+++ b/src/providers/ad/ad_init.c
-@@ -138,6 +138,7 @@ static errno_t ad_init_options(TALLOC_CTX *mem_ctx,
-     char *ad_servers = NULL;
-     char *ad_backup_servers = NULL;
-     char *ad_realm;
-+    bool ad_use_ldaps = false;
-     errno_t ret;
- 
-     ad_sasl_initialize();
-@@ -154,12 +155,14 @@ static errno_t ad_init_options(TALLOC_CTX *mem_ctx,
-     ad_servers = dp_opt_get_string(ad_options->basic, AD_SERVER);
-     ad_backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER);
-     ad_realm = dp_opt_get_string(ad_options->basic, AD_KRB5_REALM);
-+    ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS);
- 
-     /* Set up the failover service */
-     ret = ad_failover_init(ad_options, be_ctx, ad_servers, ad_backup_servers,
-                            ad_realm, AD_SERVICE_NAME, AD_GC_SERVICE_NAME,
-                            dp_opt_get_string(ad_options->basic, AD_DOMAIN),
-                            false, /* will be set in ad_get_auth_options() */
-+                           ad_use_ldaps,
-                            (size_t) -1,
-                            (size_t) -1,
-                            &ad_options->service);
-@@ -184,11 +187,13 @@ static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx,
-     const char *ad_site_override;
-     bool sites_enabled;
-     errno_t ret;
-+    bool ad_use_ldaps;
- 
-     hostname = dp_opt_get_string(ad_options->basic, AD_HOSTNAME);
-     ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN);
-     ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE);
-     sites_enabled = dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES);
-+    ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS);
- 
- 
-     if (!sites_enabled) {
-@@ -205,7 +210,8 @@ static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx,
-     srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx, be_ctx->be_res,
-                                      default_host_dbs, ad_options->id,
-                                      hostname, ad_domain,
--                                     ad_site_override);
-+                                     ad_site_override,
-+                                     ad_use_ldaps);
-     if (srv_ctx == NULL) {
-         DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
-         return ENOMEM;
-diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
-index 1293219ee..30f9b62fd 100644
---- a/src/providers/ad/ad_opts.c
-+++ b/src/providers/ad/ad_opts.c
-@@ -54,6 +54,7 @@ struct dp_option ad_basic_opts[] = {
-     { "krb5_confd_path", DP_OPT_STRING, { KRB5_MAPPING_DIR }, NULL_STRING },
-     { "ad_maximum_machine_account_password_age", DP_OPT_NUMBER, { .number = 30 }, NULL_NUMBER },
-     { "ad_machine_account_password_renewal_opts", DP_OPT_STRING, { "86400:750" }, NULL_STRING },
-+    { "ad_use_ldaps", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
-     DP_OPTION_TERMINATOR
- };
- 
-diff --git a/src/providers/ad/ad_srv.c b/src/providers/ad/ad_srv.c
-index 5fd25f60e..ca15d3715 100644
---- a/src/providers/ad/ad_srv.c
-+++ b/src/providers/ad/ad_srv.c
-@@ -244,6 +244,7 @@ struct ad_get_client_site_state {
-     enum host_database *host_db;
-     struct sdap_options *opts;
-     const char *ad_domain;
-+    bool ad_use_ldaps;
-     struct fo_server_info *dcs;
-     size_t num_dcs;
-     size_t dc_index;
-@@ -264,6 +265,7 @@ struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx,
-                                            enum host_database *host_db,
-                                            struct sdap_options *opts,
-                                            const char *ad_domain,
-+                                           bool ad_use_ldaps,
-                                            struct fo_server_info *dcs,
-                                            size_t num_dcs)
- {
-@@ -288,6 +290,7 @@ struct tevent_req *ad_get_client_site_send(TALLOC_CTX *mem_ctx,
-     state->host_db = host_db;
-     state->opts = opts;
-     state->ad_domain = ad_domain;
-+    state->ad_use_ldaps = ad_use_ldaps;
-     state->dcs = dcs;
-     state->num_dcs = num_dcs;
- 
-@@ -331,8 +334,11 @@ static errno_t ad_get_client_site_next_dc(struct tevent_req *req)
-     subreq = sdap_connect_host_send(state, state->ev, state->opts,
-                                     state->be_res->resolv,
-                                     state->be_res->family_order,
--                                    state->host_db, "ldap", state->dc.host,
--                                    state->dc.port, false);
-+                                    state->host_db,
-+                                    state->ad_use_ldaps ? "ldaps" : "ldap",
-+                                    state->dc.host,
-+                                    state->ad_use_ldaps ? 636 : state->dc.port,
-+                                    false);
-     if (subreq == NULL) {
-         ret = ENOMEM;
-         goto done;
-@@ -491,6 +497,7 @@ struct ad_srv_plugin_ctx {
-     const char *ad_domain;
-     const char *ad_site_override;
-     const char *current_site;
-+    bool ad_use_ldaps;
- };
- 
- struct ad_srv_plugin_ctx *
-@@ -501,7 +508,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
-                        struct sdap_options *opts,
-                        const char *hostname,
-                        const char *ad_domain,
--                       const char *ad_site_override)
-+                       const char *ad_site_override,
-+                       bool ad_use_ldaps)
- {
-     struct ad_srv_plugin_ctx *ctx = NULL;
-     errno_t ret;
-@@ -515,6 +523,7 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
-     ctx->be_res = be_res;
-     ctx->host_dbs = host_dbs;
-     ctx->opts = opts;
-+    ctx->ad_use_ldaps = ad_use_ldaps;
- 
-     ctx->hostname = talloc_strdup(ctx, hostname);
-     if (ctx->hostname == NULL) {
-@@ -714,6 +723,7 @@ static void ad_srv_plugin_dcs_done(struct tevent_req *subreq)
-                                      state->ctx->host_dbs,
-                                      state->ctx->opts,
-                                      state->discovery_domain,
-+                                     state->ctx->ad_use_ldaps,
-                                      dcs, num_dcs);
-     if (subreq == NULL) {
-         ret = ENOMEM;
-diff --git a/src/providers/ad/ad_srv.h b/src/providers/ad/ad_srv.h
-index e553d594d..8e410ec26 100644
---- a/src/providers/ad/ad_srv.h
-+++ b/src/providers/ad/ad_srv.h
-@@ -31,7 +31,8 @@ ad_srv_plugin_ctx_init(TALLOC_CTX *mem_ctx,
-                        struct sdap_options *opts,
-                        const char *hostname,
-                        const char *ad_domain,
--                       const char *ad_site_override);
-+                       const char *ad_site_override,
-+                       bool ad_use_ldaps);
- 
- struct tevent_req *ad_srv_plugin_send(TALLOC_CTX *mem_ctx,
-                                        struct tevent_context *ev,
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index 2ce34489f..d8c201437 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -282,6 +282,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
-     bool use_kdcinfo = false;
-     size_t n_lookahead_primary = SSS_KRB5_LOOKAHEAD_PRIMARY_DEFAULT;
-     size_t n_lookahead_backup = SSS_KRB5_LOOKAHEAD_BACKUP_DEFAULT;
-+    bool ad_use_ldaps = false;
- 
-     realm = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_KRB5_REALM);
-     hostname = dp_opt_get_cstring(id_ctx->ad_options->basic, AD_HOSTNAME);
-@@ -312,6 +313,21 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
-         return ENOMEM;
-     }
- 
-+    ret = ad_inherit_opts_if_needed(id_ctx->ad_options->basic,
-+                                    ad_options->basic,
-+                                    be_ctx->cdb, subdom_conf_path,
-+                                    AD_USE_LDAPS);
-+    if (ret != EOK) {
-+        DEBUG(SSSDBG_CRIT_FAILURE,
-+              "Failed to inherit option [%s] to sub-domain [%s]. "
-+              "This error is ignored but might cause issues or unexpected "
-+              "behavior later on.\n",
-+              id_ctx->ad_options->basic[AD_USE_LDAPS].opt_name,
-+              subdom->name);
-+
-+        return ret;
-+    }
-+
-     ret = ad_inherit_opts_if_needed(id_ctx->sdap_id_ctx->opts->basic,
-                                     ad_options->id->basic,
-                                     be_ctx->cdb, subdom_conf_path,
-@@ -344,6 +360,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
- 
-     servers = dp_opt_get_string(ad_options->basic, AD_SERVER);
-     backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER);
-+    ad_use_ldaps = dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS);
- 
-     if (id_ctx->ad_options->auth_ctx != NULL
-             && id_ctx->ad_options->auth_ctx->opts != NULL) {
-@@ -362,7 +379,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
- 
-     ret = ad_failover_init(ad_options, be_ctx, servers, backup_servers,
-                            subdom->realm, service_name, gc_service_name,
--                           subdom->name, use_kdcinfo,
-+                           subdom->name, use_kdcinfo, ad_use_ldaps,
-                            n_lookahead_primary,
-                            n_lookahead_backup,
-                            &ad_options->service);
-@@ -386,7 +403,7 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
-                                      ad_id_ctx->ad_options->id,
-                                      hostname,
-                                      ad_domain,
--                                     ad_site_override);
-+                                     ad_site_override, ad_use_ldaps);
-     if (srv_ctx == NULL) {
-         DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
-         return ENOMEM;
-diff --git a/src/providers/ipa/ipa_subdomains_server.c b/src/providers/ipa/ipa_subdomains_server.c
-index fd998877b..9aebf72a5 100644
---- a/src/providers/ipa/ipa_subdomains_server.c
-+++ b/src/providers/ipa/ipa_subdomains_server.c
-@@ -319,7 +319,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
-     ret = ad_failover_init(ad_options, be_ctx, ad_servers, ad_backup_servers,
-                            subdom->realm,
-                            service_name, gc_service_name,
--                           subdom->name, use_kdcinfo,
-+                           subdom->name, use_kdcinfo, false,
-                            n_lookahead_primary, n_lookahead_backup,
-                            &ad_options->service);
-     if (ret != EOK) {
-@@ -344,7 +344,7 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
-                                      ad_id_ctx->ad_options->id,
-                                      id_ctx->server_mode->hostname,
-                                      ad_domain,
--                                     ad_site_override);
-+                                     ad_site_override, false);
-     if (srv_ctx == NULL) {
-         DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
-         return ENOMEM;
--- 
-2.20.1
-
diff --git a/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch b/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch
new file mode 100644
index 0000000..dc2b0e6
--- /dev/null
+++ b/SOURCES/0011-ipa-add-failover-to-subdomain-override-lookups.patch
@@ -0,0 +1,43 @@
+From df632eec450791559a4a7644f241964397c10ff9 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 5 Jun 2020 13:59:25 +0200
+Subject: [PATCH] ipa: add failover to subdomain override lookups
+
+In the ipa_subdomain_account request failover handling was missing.
+
+Related to https://github.com/SSSD/sssd/issues/5075
+      (was https://pagure.io/SSSD/sssd/issue/4114)
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/providers/ipa/ipa_subdomains_id.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/src/providers/ipa/ipa_subdomains_id.c b/src/providers/ipa/ipa_subdomains_id.c
+index 1224c7b73..36f32fae8 100644
+--- a/src/providers/ipa/ipa_subdomains_id.c
++++ b/src/providers/ipa/ipa_subdomains_id.c
+@@ -208,6 +208,20 @@ static void ipa_subdomain_account_got_override(struct tevent_req *subreq)
+                                    &state->override_attrs);
+     talloc_zfree(subreq);
+     if (ret != EOK) {
++        ret = sdap_id_op_done(state->op, ret, &dp_error);
++
++        if (dp_error == DP_ERR_OK && ret != EOK) {
++            /* retry */
++            subreq = sdap_id_op_connect_send(state->op, state, &ret);
++            if (subreq == NULL) {
++                DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_connect_send failed.\n");
++                goto fail;
++            }
++            tevent_req_set_callback(subreq, ipa_subdomain_account_connected,
++                                    req);
++            return;
++        }
++
+         DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);
+         goto fail;
+     }
+-- 
+2.21.3
+
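Review bot: The final `DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);` now prints the value returned by sdap_id_op_done() rather than the error from the override lookup itself, because `ret` is overwritten at the top of the new branch. Logging the original code before calling sdap_id_op_done(), or keeping it in a separate local, would preserve it for troubleshooting failover. The retry path's message could carry its code as well: `DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_connect_send failed: %d\n", ret);`. The `/* retry */` comment would also be clearer if it said why `dp_error == DP_ERR_OK && ret != EOK` is the reconnect case. ipa_subdomain_account_got_override starts and ends outside the inner hunk, so the declaration of `dp_error` and the `fail` label are not visible here.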
diff --git a/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch b/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch
new file mode 100644
index 0000000..39b2e20
--- /dev/null
+++ b/SOURCES/0012-GPO-fix-link-order-in-a-SOM.patch
@@ -0,0 +1,132 @@
+From dce025b882db7247571b135e928afb47f069a60f Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 27 Feb 2020 06:54:21 +0100
+Subject: [PATCH] GPO: fix link order in a SOM
+
+GPOs of the same OU were applied in the wrong order. Details about how
+GPOs should be processed can be found e.g. at
+https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)
+
+Resolves: https://github.com/SSSD/sssd/issues/5103
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/providers/ad/ad_gpo.c | 59 +++++++++++++++++++++++++++++----------
+ 1 file changed, 45 insertions(+), 14 deletions(-)
+
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index bbe8d8a1e..1524c4bfc 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -3511,14 +3511,19 @@ ad_gpo_process_som_recv(struct tevent_req *req,
+  * - GPOs linked to an OU will be applied after GPOs linked to a Domain,
+  *   which will be applied after GPOs linked to a Site.
+  * - multiple GPOs linked to a single SOM are applied in their link order
+- *   (i.e. 1st GPO linked to SOM is applied after 2nd GPO linked to SOM, etc).
++ *   (i.e. 1st GPO linked to SOM is applied before 2nd GPO linked to SOM, etc).
+  * - enforced GPOs are applied after unenforced GPOs.
+  *
+  * As such, the _candidate_gpos output's dn fields looks like (in link order):
+- * [unenforced {Site, Domain, OU}; enforced {Site, Domain, OU}]
++ * [unenforced {Site, Domain, OU}; enforced {OU, Domain, Site}]
+  *
+  * Note that in the case of conflicting policy settings, GPOs appearing later
+- * in the list will trump GPOs appearing earlier in the list.
++ * in the list will trump GPOs appearing earlier in the list. Therefore the
++ * enforced GPOs are applied in revers order after the unenforced GPOs to
++ * make sure the enforced setting form the highest level will be applied.
++ *
++ * GPO processing details can be found e.g. at
++ * https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn581922(v%3Dws.11)
+  */
+ static errno_t
+ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+@@ -3542,6 +3547,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+     int i = 0;
+     int j = 0;
+     int ret;
++    size_t som_count = 0;
+ 
+     tmp_ctx = talloc_new(NULL);
+     if (tmp_ctx == NULL) {
+@@ -3568,6 +3574,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+         }
+         i++;
+     }
++    som_count = i;
+ 
+     num_candidate_gpos = num_enforced + num_unenforced;
+ 
+@@ -3590,9 +3597,43 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+         goto done;
+     }
+ 
++    i = som_count -1 ;
++    while (i >= 0) {
++        gp_som = som_list[i];
++
++        /* For unenforced_gpo_dns the most specific GPOs with the highest
++         * priority should be the last. We start with the top-level SOM and go
++         * down to the most specific one and add the unenforced following the
++         * gplink_list where the GPO with the highest priority comes last. */
++        j = 0;
++        while (gp_som && gp_som->gplink_list && gp_som->gplink_list[j]) {
++                gp_gplink = gp_som->gplink_list[j];
++
++                if (!gp_gplink->enforced) {
++                    unenforced_gpo_dns[unenforced_idx] =
++                        talloc_steal(unenforced_gpo_dns, gp_gplink->gpo_dn);
++
++                    if (unenforced_gpo_dns[unenforced_idx] == NULL) {
++                        ret = ENOMEM;
++                        goto done;
++                    }
++                    unenforced_idx++;
++                }
++                j++;
++        }
++        i--;
++    }
++
+     i = 0;
+     while (som_list[i]) {
+         gp_som = som_list[i];
++
++        /* For enforced GPOs we start processing with the most specific SOM to
++         * make sur enforced GPOs from higher levels override to lower level
++         * ones. According to the 'Group Policy Inheritance' tab in the
++         * Windows 'Goup Policy Management' utility in the same SOM the link
++         * order is still observed and an enforced GPO with a lower link order
++         * value still overrides an enforced GPO with a higher link order. */
+         j = 0;
+         while (gp_som && gp_som->gplink_list && gp_som->gplink_list[j]) {
+             gp_gplink = gp_som->gplink_list[j];
+@@ -3610,16 +3651,6 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+                     goto done;
+                 }
+                 enforced_idx++;
+-            } else {
+-
+-                unenforced_gpo_dns[unenforced_idx] =
+-                    talloc_steal(unenforced_gpo_dns, gp_gplink->gpo_dn);
+-
+-                if (unenforced_gpo_dns[unenforced_idx] == NULL) {
+-                    ret = ENOMEM;
+-                    goto done;
+-                }
+-                unenforced_idx++;
+             }
+             j++;
+         }
+@@ -3638,7 +3669,7 @@ ad_gpo_populate_candidate_gpos(TALLOC_CTX *mem_ctx,
+     }
+ 
+     gpo_dn_idx = 0;
+-    for (i = num_unenforced - 1; i >= 0; i--) {
++    for (i = 0; i < num_unenforced; i++) {
+         candidate_gpos[gpo_dn_idx] = talloc_zero(candidate_gpos, struct gp_gpo);
+         if (candidate_gpos[gpo_dn_idx] == NULL) {
+             ret = ENOMEM;
+-- 
+2.21.3
+
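Review bot: `i = som_count -1 ;` in ad_gpo_populate_candidate_gpos mixes the `size_t` som_count with the `int` index `i`. If som_list can be empty, the subtraction wraps and only becomes -1 through an implementation-defined conversion. Since som_count is only ever assigned from `i`, declaring it `int som_count = 0;` or writing `i = (int)som_count - 1;` keeps the `while (i >= 0)` guard well defined. The new comments contain typos (`revers`, `form`, `sur`, `Goup`), and the body of the new inner `while` is indented one level too deep; both are worth fixing because this ordering decides which GPO setting wins for access control. The function starts and ends outside the inner hunks, so the sizing of unenforced_gpo_dns against num_unenforced is not visible here.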
diff --git a/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch b/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch
deleted file mode 100644
index 311e5ea..0000000
--- a/SOURCES/0012-ldap-add-new-option-ldap_sasl_maxssf.patch
+++ /dev/null
@@ -1,199 +0,0 @@
-From 4c855d55944087cb2317c681f1dc78953ec95c4e Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 27 Sep 2019 11:49:59 +0200
-Subject: [PATCH 12/13] ldap: add new option ldap_sasl_maxssf
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There is already the ldap_sasl_minssf option. To be able to control the
-maximal security strength factor (ssf) e.g. when using SASL together
-with TLS the option ldap_sasl_maxssf is added as well.
-
-Related to https://pagure.io/SSSD/sssd/issue/4131
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/config/SSSDConfig/__init__.py.in       |  1 +
- src/config/cfg_rules.ini                   |  1 +
- src/config/etc/sssd.api.d/sssd-ad.conf     |  1 +
- src/config/etc/sssd.api.d/sssd-ipa.conf    |  1 +
- src/config/etc/sssd.api.d/sssd-ldap.conf   |  1 +
- src/man/sssd-ldap.5.xml                    | 16 ++++++++++++++++
- src/providers/ad/ad_opts.c                 |  1 +
- src/providers/ipa/ipa_opts.c               |  1 +
- src/providers/ldap/ldap_opts.c             |  1 +
- src/providers/ldap/sdap.h                  |  1 +
- src/providers/ldap/sdap_async_connection.c | 14 ++++++++++++++
- 11 files changed, 39 insertions(+)
-
-diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
-index 84631862a..a1b088bc4 100644
---- a/src/config/SSSDConfig/__init__.py.in
-+++ b/src/config/SSSDConfig/__init__.py.in
-@@ -305,6 +305,7 @@ option_strings = {
-     'ldap_sasl_authid' : _('Specify the sasl authorization id to use'),
-     'ldap_sasl_realm' : _('Specify the sasl authorization realm to use'),
-     'ldap_sasl_minssf' : _('Specify the minimal SSF for LDAP sasl authorization'),
-+    'ldap_sasl_maxssf' : _('Specify the maximal SSF for LDAP sasl authorization'),
-     'ldap_krb5_keytab' : _('Kerberos service keytab'),
-     'ldap_krb5_init_creds' : _('Use Kerberos auth for LDAP connection'),
-     'ldap_referrals' : _('Follow LDAP referrals'),
-diff --git a/src/config/cfg_rules.ini b/src/config/cfg_rules.ini
-index 1034a1fd6..fd5336db7 100644
---- a/src/config/cfg_rules.ini
-+++ b/src/config/cfg_rules.ini
-@@ -664,6 +664,7 @@ option = ldap_sasl_authid
- option = ldap_sasl_canonicalize
- option = ldap_sasl_mech
- option = ldap_sasl_minssf
-+option = ldap_sasl_maxssf
- option = ldap_schema
- option = ldap_pwmodify_mode
- option = ldap_search_base
-diff --git a/src/config/etc/sssd.api.d/sssd-ad.conf b/src/config/etc/sssd.api.d/sssd-ad.conf
-index a2af72603..d6443e200 100644
---- a/src/config/etc/sssd.api.d/sssd-ad.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ad.conf
-@@ -41,6 +41,7 @@ ldap_tls_reqcert = str, None, false
- ldap_sasl_mech = str, None, false
- ldap_sasl_authid = str, None, false
- ldap_sasl_minssf = int, None, false
-+ldap_sasl_maxssf = int, None, false
- krb5_kdcip = str, None, false
- krb5_server = str, None, false
- krb5_backup_server = str, None, false
-diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
-index 7ed153d36..839f9f471 100644
---- a/src/config/etc/sssd.api.d/sssd-ipa.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
-@@ -32,6 +32,7 @@ ldap_tls_reqcert = str, None, false
- ldap_sasl_mech = str, None, false
- ldap_sasl_authid = str, None, false
- ldap_sasl_minssf = int, None, false
-+ldap_sasl_maxssf = int, None, false
- krb5_kdcip = str, None, false
- krb5_server = str, None, false
- krb5_backup_server = str, None, false
-diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
-index 4f73e901e..6db9828b9 100644
---- a/src/config/etc/sssd.api.d/sssd-ldap.conf
-+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
-@@ -35,6 +35,7 @@ ldap_page_size = int, None, false
- ldap_deref_threshold = int, None, false
- ldap_sasl_canonicalize = bool, None, false
- ldap_sasl_minssf = int, None, false
-+ldap_sasl_maxssf = int, None, false
- ldap_connection_expire_timeout = int, None, false
- ldap_connection_expire_offset = int, None, false
- ldap_disable_paging = bool, None, false
-diff --git a/src/man/sssd-ldap.5.xml b/src/man/sssd-ldap.5.xml
-index f8bb973c7..0dc675410 100644
---- a/src/man/sssd-ldap.5.xml
-+++ b/src/man/sssd-ldap.5.xml
-@@ -612,6 +612,22 @@
-                     </listitem>
-                 </varlistentry>
- 
-+                <varlistentry>
-+                    <term>ldap_sasl_maxssf (integer)</term>
-+                    <listitem>
-+                        <para>
-+                            When communicating with an LDAP server using SASL,
-+                            specify the maximal security level necessary to
-+                            establish the connection. The values of this
-+                            option are defined by OpenLDAP.
-+                        </para>
-+                        <para>
-+                            Default: Use the system default (usually specified
-+                            by ldap.conf)
-+                        </para>
-+                    </listitem>
-+                </varlistentry>
-+
-                 <varlistentry>
-                     <term>ldap_deref_threshold (integer)</term>
-                     <listitem>
-diff --git a/src/providers/ad/ad_opts.c b/src/providers/ad/ad_opts.c
-index 30f9b62fd..905a15cd0 100644
---- a/src/providers/ad/ad_opts.c
-+++ b/src/providers/ad/ad_opts.c
-@@ -105,6 +105,7 @@ struct dp_option ad_def_ldap_opts[] = {
-     { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
-+    { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
-     { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
-     /* use the same parm name as the krb5 module so we set it only once */
-diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
-index 4fafa073d..55de6e600 100644
---- a/src/providers/ipa/ipa_opts.c
-+++ b/src/providers/ipa/ipa_opts.c
-@@ -114,6 +114,7 @@ struct dp_option ipa_def_ldap_opts[] = {
-     { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = 56 }, NULL_NUMBER },
-+    { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
-     { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
-     /* use the same parm name as the krb5 module so we set it only once */
-diff --git a/src/providers/ldap/ldap_opts.c b/src/providers/ldap/ldap_opts.c
-index ffd0c6baa..d1b4e98ad 100644
---- a/src/providers/ldap/ldap_opts.c
-+++ b/src/providers/ldap/ldap_opts.c
-@@ -74,6 +74,7 @@ struct dp_option default_basic_opts[] = {
-     { "ldap_sasl_authid", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_sasl_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_sasl_minssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
-+    { "ldap_sasl_maxssf", DP_OPT_NUMBER, { .number = -1 }, NULL_NUMBER },
-     { "ldap_krb5_keytab", DP_OPT_STRING, NULL_STRING, NULL_STRING },
-     { "ldap_krb5_init_creds", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
-     /* use the same parm name as the krb5 module so we set it only once */
-diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
-index f27b3c480..808a2c400 100644
---- a/src/providers/ldap/sdap.h
-+++ b/src/providers/ldap/sdap.h
-@@ -192,6 +192,7 @@ enum sdap_basic_opt {
-     SDAP_SASL_AUTHID,
-     SDAP_SASL_REALM,
-     SDAP_SASL_MINSSF,
-+    SDAP_SASL_MAXSSF,
-     SDAP_KRB5_KEYTAB,
-     SDAP_KRB5_KINIT,
-     SDAP_KRB5_KDC,
-diff --git a/src/providers/ldap/sdap_async_connection.c b/src/providers/ldap/sdap_async_connection.c
-index 7438d14a7..5f69cedcc 100644
---- a/src/providers/ldap/sdap_async_connection.c
-+++ b/src/providers/ldap/sdap_async_connection.c
-@@ -148,6 +148,8 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
-     const char *sasl_mech;
-     int sasl_minssf;
-     ber_len_t ber_sasl_minssf;
-+    int sasl_maxssf;
-+    ber_len_t ber_sasl_maxssf;
- 
-     ret = sss_ldap_init_recv(subreq, &state->sh->ldap, &sd);
-     talloc_zfree(subreq);
-@@ -291,6 +293,18 @@ static void sdap_sys_connect_done(struct tevent_req *subreq)
-                 goto fail;
-             }
-         }
-+
-+        sasl_maxssf = dp_opt_get_int(state->opts->basic, SDAP_SASL_MAXSSF);
-+        if (sasl_maxssf >= 0) {
-+            ber_sasl_maxssf = (ber_len_t)sasl_maxssf;
-+            lret = ldap_set_option(state->sh->ldap, LDAP_OPT_X_SASL_SSF_MAX,
-+                                   &ber_sasl_maxssf);
-+            if (lret != LDAP_OPT_SUCCESS) {
-+                DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set LDAP MAX SSF option "
-+                                            "to %d\n", sasl_maxssf);
-+                goto fail;
-+            }
-+        }
-     }
- 
-     /* if we do not use start_tls the connection is not really connected yet
--- 
-2.20.1
-
diff --git a/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch b/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch
deleted file mode 100644
index 8a1a42d..0000000
--- a/SOURCES/0013-ad-set-min-and-max-ssf-for-ldaps.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From d702d594e380a1d0f0e937524bdd8a3eabc9bdf1 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 27 Sep 2019 13:45:13 +0200
-Subject: [PATCH 13/13] ad: set min and max ssf for ldaps
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-AD does not allow to use encryption in the TLS and SASL layer at the
-same time. To be able to use ldaps this patch sets min and max ssf to 0
-if ldaps should be used.
-
-Related to https://pagure.io/SSSD/sssd/issue/4131
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/providers/ad/ad_common.c     | 21 +++++++++++++++++++++
- src/providers/ad/ad_common.h     |  2 ++
- src/providers/ad/ad_subdomains.c |  4 ++++
- 3 files changed, 27 insertions(+)
-
-diff --git a/src/providers/ad/ad_common.c b/src/providers/ad/ad_common.c
-index a2369166a..51300f5b2 100644
---- a/src/providers/ad/ad_common.c
-+++ b/src/providers/ad/ad_common.c
-@@ -1021,6 +1021,23 @@ done:
-     return;
- }
- 
-+void ad_set_ssf_for_ldaps(struct sdap_options *id_opts)
-+{
-+    int ret;
-+
-+    DEBUG(SSSDBG_TRACE_ALL, "Setting ssf for ldaps usage.\n");
-+    ret = dp_opt_set_int(id_opts->basic, SDAP_SASL_MINSSF, 0);
-+    if (ret != EOK) {
-+        DEBUG(SSSDBG_CRIT_FAILURE,
-+              "Failed to set SASL minssf for ldaps usage, ignored.\n");
-+    }
-+    ret = dp_opt_set_int(id_opts->basic, SDAP_SASL_MAXSSF, 0);
-+    if (ret != EOK) {
-+        DEBUG(SSSDBG_CRIT_FAILURE,
-+              "Failed to set SASL maxssf for ldaps usage, ignored.\n");
-+    }
-+}
-+
- static errno_t
- ad_set_sdap_options(struct ad_options *ad_opts,
-                     struct sdap_options *id_opts)
-@@ -1079,6 +1096,10 @@ ad_set_sdap_options(struct ad_options *ad_opts,
-         goto done;
-     }
- 
-+    if (dp_opt_get_bool(ad_opts->basic, AD_USE_LDAPS)) {
-+        ad_set_ssf_for_ldaps(id_opts);
-+    }
-+
-     /* Warn if the user is doing something silly like overriding the schema
-      * with the AD provider
-      */
-diff --git a/src/providers/ad/ad_common.h b/src/providers/ad/ad_common.h
-index 820e06124..d23aee616 100644
---- a/src/providers/ad/ad_common.h
-+++ b/src/providers/ad/ad_common.h
-@@ -181,6 +181,8 @@ errno_t
- ad_get_dyndns_options(struct be_ctx *be_ctx,
-                       struct ad_options *ad_opts);
- 
-+void ad_set_ssf_for_ldaps(struct sdap_options *id_opts);
-+
- struct ad_id_ctx *
- ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx);
- 
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index d8c201437..a9c6b9f28 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -328,6 +328,10 @@ ad_subdom_ad_ctx_new(struct be_ctx *be_ctx,
-         return ret;
-     }
- 
-+    if (dp_opt_get_bool(ad_options->basic, AD_USE_LDAPS)) {
-+        ad_set_ssf_for_ldaps(ad_options->id);
-+    }
-+
-     ret = ad_inherit_opts_if_needed(id_ctx->sdap_id_ctx->opts->basic,
-                                     ad_options->id->basic,
-                                     be_ctx->cdb, subdom_conf_path,
--- 
-2.20.1
-
diff --git a/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch b/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
new file mode 100644
index 0000000..c16d932
--- /dev/null
+++ b/SOURCES/0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
@@ -0,0 +1,58 @@
+From 8ca799ea968e548337acb0300642a0d88f1bba9b Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 15:47:35 +0200
+Subject: [PATCH 13/19] sysdb: make sysdb_update_subdomains() more robust
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some NULL checks are added basically to allow that missing values can be
+set later.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/db/sysdb_subdomains.c | 12 +++++++++---
+ 1 file changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/db/sysdb_subdomains.c b/src/db/sysdb_subdomains.c
+index b170d1978..d256817a6 100644
+--- a/src/db/sysdb_subdomains.c
++++ b/src/db/sysdb_subdomains.c
+@@ -421,7 +421,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+                 }
+ 
+                 /* in theory these may change, but it should never happen */
+-                if (strcasecmp(dom->realm, realm) != 0) {
++                if ((dom->realm == NULL && realm != NULL)
++                        || (dom->realm != NULL && realm != NULL
++                            && strcasecmp(dom->realm, realm) != 0)) {
+                     DEBUG(SSSDBG_TRACE_INTERNAL,
+                           "Realm name changed from [%s] to [%s]!\n",
+                            dom->realm, realm);
+@@ -432,7 +434,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+                         goto done;
+                     }
+                 }
+-                if (strcasecmp(dom->flat_name, flat) != 0) {
++                if ((dom->flat_name == NULL && flat != NULL)
++                        || (dom->flat_name != NULL && flat != NULL
++                            && strcasecmp(dom->flat_name, flat) != 0)) {
+                     DEBUG(SSSDBG_TRACE_INTERNAL,
+                           "Flat name changed from [%s] to [%s]!\n",
+                            dom->flat_name, flat);
+@@ -443,7 +447,9 @@ errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
+                         goto done;
+                     }
+                 }
+-                if (strcasecmp(dom->domain_id, id) != 0) {
++                if ((dom->domain_id == NULL && id != NULL)
++                        || (dom->domain_id != NULL && id != NULL
++                            && strcasecmp(dom->domain_id, id) != 0)) {
+                     DEBUG(SSSDBG_TRACE_INTERNAL,
+                           "Domain changed from [%s] to [%s]!\n",
+                            dom->domain_id, id);
+-- 
+2.21.3
+
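Review bot: In all three rewritten comparisons in sysdb_update_subdomains() (realm, flat_name and domain_id) the condition is now true when the stored value is NULL, but the DEBUG call directly below still passes `dom->realm`, `dom->flat_name` or `dom->domain_id` to a `%s` conversion. Passing a null pointer to `%s` is undefined behaviour in standard C, so this works only if the formatter behind DEBUG tolerates NULL (glibc prints `(null)`); I would make the argument explicit, e.g. `dom->realm != NULL ? dom->realm : "(not set)"`. The condition can also be written as the equivalent `realm != NULL && (dom->realm == NULL || strcasecmp(dom->realm, realm) != 0)`, which makes it clearer that a NULL new value deliberately leaves the stored one untouched; a short comment such as `/* a missing new value never clears the stored one */` would record that intent. The function body continues outside these hunks, so the code that replaces the value after each DEBUG is not visible here.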
diff --git a/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch b/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch
deleted file mode 100644
index d470f4e..0000000
--- a/SOURCES/0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 007d5b79b7aef67dd843ed9a3b65095faaeb580f Mon Sep 17 00:00:00 2001
-From: Lukas Slebodnik <lslebodn@redhat.com>
-Date: Wed, 22 Jan 2020 09:43:21 +0000
-Subject: [PATCH] BE_REFRESH: Do not try to refresh domains from other backends
-
-We cannot refresh domains from different sssd_be processes.
-We can refresh just subdomains
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/4142
-
-Merges: https://pagure.io/SSSD/sssd/pull-request/4139
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/providers/be_refresh.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/providers/be_refresh.c b/src/providers/be_refresh.c
-index 6cce38390..5e43571ce 100644
---- a/src/providers/be_refresh.c
-+++ b/src/providers/be_refresh.c
-@@ -385,6 +385,10 @@ static errno_t be_refresh_step(struct tevent_req *req)
-         if (state->index == BE_REFRESH_TYPE_SENTINEL) {
-             state->domain = get_next_domain(state->domain,
-                                             SSS_GND_DESCEND);
-+            /* we can update just subdomains */
-+            if (state->domain != NULL && !IS_SUBDOMAIN(state->domain)) {
-+                break;
-+            }
-             state->index = 0;
-             continue;
-         }
--- 
-2.20.1
-
diff --git a/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch b/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
new file mode 100644
index 0000000..5674c81
--- /dev/null
+++ b/SOURCES/0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
@@ -0,0 +1,334 @@
+From d3089173dd8be85a83cf0236e116ba8e11326a6d Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 16:51:02 +0200
+Subject: [PATCH 14/19] ad: rename ad_master_domain_* to ad_domain_info_*
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The ad_master_domain_{send|recv} are not specific to the master domain
+so a more generic name seems to be suitable.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_domain_info.c | 64 +++++++++++++++----------------
+ src/providers/ad/ad_domain_info.h | 10 ++---
+ src/providers/ad/ad_gpo.c         |  8 ++--
+ src/providers/ad/ad_id.c          | 14 +++----
+ src/providers/ad/ad_resolver.c    |  8 ++--
+ src/providers/ad/ad_subdomains.c  |  8 ++--
+ 6 files changed, 56 insertions(+), 56 deletions(-)
+
+diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
+index 5302c8083..52b2e2442 100644
+--- a/src/providers/ad/ad_domain_info.c
++++ b/src/providers/ad/ad_domain_info.c
+@@ -175,7 +175,7 @@ done:
+     return ret;
+ }
+ 
+-struct ad_master_domain_state {
++struct ad_domain_info_state {
+     struct tevent_context *ev;
+     struct sdap_id_conn_ctx *conn;
+     struct sdap_id_op *id_op;
+@@ -191,22 +191,22 @@ struct ad_master_domain_state {
+     char *sid;
+ };
+ 
+-static errno_t ad_master_domain_next(struct tevent_req *req);
+-static void ad_master_domain_next_done(struct tevent_req *subreq);
+-static void ad_master_domain_netlogon_done(struct tevent_req *req);
++static errno_t ad_domain_info_next(struct tevent_req *req);
++static void ad_domain_info_next_done(struct tevent_req *subreq);
++static void ad_domain_info_netlogon_done(struct tevent_req *req);
+ 
+ struct tevent_req *
+-ad_master_domain_send(TALLOC_CTX *mem_ctx,
+-                      struct tevent_context *ev,
+-                      struct sdap_id_conn_ctx *conn,
+-                      struct sdap_id_op *op,
+-                      const char *dom_name)
++ad_domain_info_send(TALLOC_CTX *mem_ctx,
++                    struct tevent_context *ev,
++                    struct sdap_id_conn_ctx *conn,
++                    struct sdap_id_op *op,
++                    const char *dom_name)
+ {
+     errno_t ret;
+     struct tevent_req *req;
+-    struct ad_master_domain_state *state;
++    struct ad_domain_info_state *state;
+ 
+-    req = tevent_req_create(mem_ctx, &state, struct ad_master_domain_state);
++    req = tevent_req_create(mem_ctx, &state, struct ad_domain_info_state);
+     if (!req) return NULL;
+ 
+     state->ev = ev;
+@@ -216,7 +216,7 @@ ad_master_domain_send(TALLOC_CTX *mem_ctx,
+     state->opts = conn->id_ctx->opts;
+     state->dom_name = dom_name;
+ 
+-    ret = ad_master_domain_next(req);
++    ret = ad_domain_info_next(req);
+     if (ret != EOK && ret != EAGAIN) {
+         goto immediate;
+     }
+@@ -234,14 +234,14 @@ immediate:
+ }
+ 
+ static errno_t
+-ad_master_domain_next(struct tevent_req *req)
++ad_domain_info_next(struct tevent_req *req)
+ {
+     struct tevent_req *subreq;
+     struct sdap_search_base *base;
+     const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};
+ 
+-    struct ad_master_domain_state *state =
+-        tevent_req_data(req, struct ad_master_domain_state);
++    struct ad_domain_info_state *state =
++        tevent_req_data(req, struct ad_domain_info_state);
+ 
+     base = state->opts->sdom->search_bases[state->base_iter];
+     if (base == NULL) {
+@@ -261,13 +261,13 @@ ad_master_domain_next(struct tevent_req *req)
+         DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n");
+         return ENOMEM;
+     }
+-    tevent_req_set_callback(subreq, ad_master_domain_next_done, req);
++    tevent_req_set_callback(subreq, ad_domain_info_next_done, req);
+ 
+     return EAGAIN;
+ }
+ 
+ static void
+-ad_master_domain_next_done(struct tevent_req *subreq)
++ad_domain_info_next_done(struct tevent_req *subreq)
+ {
+     errno_t ret;
+     size_t reply_count;
+@@ -281,8 +281,8 @@ ad_master_domain_next_done(struct tevent_req *subreq)
+ 
+     struct tevent_req *req = tevent_req_callback_data(subreq,
+                                                       struct tevent_req);
+-    struct ad_master_domain_state *state =
+-        tevent_req_data(req, struct ad_master_domain_state);
++    struct ad_domain_info_state *state =
++        tevent_req_data(req, struct ad_domain_info_state);
+ 
+     ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
+     talloc_zfree(subreq);
+@@ -293,7 +293,7 @@ ad_master_domain_next_done(struct tevent_req *subreq)
+ 
+     if (reply_count == 0) {
+         state->base_iter++;
+-        ret = ad_master_domain_next(req);
++        ret = ad_domain_info_next(req);
+         if (ret == EAGAIN) {
+             /* Async request will get us back here again */
+             return;
+@@ -362,7 +362,7 @@ ad_master_domain_next_done(struct tevent_req *subreq)
+         goto done;
+     }
+ 
+-    tevent_req_set_callback(subreq, ad_master_domain_netlogon_done, req);
++    tevent_req_set_callback(subreq, ad_domain_info_netlogon_done, req);
+     return;
+ 
+ done:
+@@ -370,7 +370,7 @@ done:
+ }
+ 
+ static void
+-ad_master_domain_netlogon_done(struct tevent_req *subreq)
++ad_domain_info_netlogon_done(struct tevent_req *subreq)
+ {
+     int ret;
+     size_t reply_count;
+@@ -378,8 +378,8 @@ ad_master_domain_netlogon_done(struct tevent_req *subreq)
+ 
+     struct tevent_req *req = tevent_req_callback_data(subreq,
+                                                       struct tevent_req);
+-    struct ad_master_domain_state *state =
+-        tevent_req_data(req, struct ad_master_domain_state);
++    struct ad_domain_info_state *state =
++        tevent_req_data(req, struct ad_domain_info_state);
+ 
+     ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
+     talloc_zfree(subreq);
+@@ -422,15 +422,15 @@ done:
+ }
+ 
+ errno_t
+-ad_master_domain_recv(struct tevent_req *req,
+-                      TALLOC_CTX *mem_ctx,
+-                      char **_flat,
+-                      char **_id,
+-                      char **_site,
+-                      char **_forest)
++ad_domain_info_recv(struct tevent_req *req,
++                    TALLOC_CTX *mem_ctx,
++                    char **_flat,
++                    char **_id,
++                    char **_site,
++                    char **_forest)
+ {
+-    struct ad_master_domain_state *state = tevent_req_data(req,
+-                                              struct ad_master_domain_state);
++    struct ad_domain_info_state *state = tevent_req_data(req,
++                                              struct ad_domain_info_state);
+ 
+     TEVENT_REQ_RETURN_ON_ERROR(req);
+ 
+diff --git a/src/providers/ad/ad_domain_info.h b/src/providers/ad/ad_domain_info.h
+index b96e8a3c3..631e543f5 100644
+--- a/src/providers/ad/ad_domain_info.h
++++ b/src/providers/ad/ad_domain_info.h
+@@ -22,22 +22,22 @@
+     along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+ 
+-#ifndef _AD_MASTER_DOMAIN_H_
+-#define _AD_MASTER_DOMAIN_H_
++#ifndef _AD_DOMAIN_INFO_H_
++#define _AD_DOMAIN_INFO_H_
+ 
+ struct tevent_req *
+-ad_master_domain_send(TALLOC_CTX *mem_ctx,
++ad_domain_info_send(TALLOC_CTX *mem_ctx,
+                       struct tevent_context *ev,
+                       struct sdap_id_conn_ctx *conn,
+                       struct sdap_id_op *op,
+                       const char *dom_name);
+ 
+ errno_t
+-ad_master_domain_recv(struct tevent_req *req,
++ad_domain_info_recv(struct tevent_req *req,
+                       TALLOC_CTX *mem_ctx,
+                       char **_flat,
+                       char **_id,
+                       char **_site,
+                       char **_forest);
+ 
+-#endif /* _AD_MASTER_DOMAIN_H_ */
++#endif /* _AD_DOMAIN_INFO_H_ */
+diff --git a/src/providers/ad/ad_gpo.c b/src/providers/ad/ad_gpo.c
+index 1524c4bfc..53560a754 100644
+--- a/src/providers/ad/ad_gpo.c
++++ b/src/providers/ad/ad_gpo.c
+@@ -3151,11 +3151,11 @@ ad_gpo_process_som_send(TALLOC_CTX *mem_ctx,
+         goto immediately;
+     }
+ 
+-    subreq = ad_master_domain_send(state, state->ev, conn,
+-                                   state->sdap_op, domain_name);
++    subreq = ad_domain_info_send(state, state->ev, conn,
++                                 state->sdap_op, domain_name);
+ 
+     if (subreq == NULL) {
+-        DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
++        DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
+         ret = ENOMEM;
+         goto immediately;
+     }
+@@ -3188,7 +3188,7 @@ ad_gpo_site_name_retrieval_done(struct tevent_req *subreq)
+     state = tevent_req_data(req, struct ad_gpo_process_som_state);
+ 
+     /* gpo code only cares about the site name */
+-    ret = ad_master_domain_recv(subreq, state, NULL, NULL, &site, NULL);
++    ret = ad_domain_info_recv(subreq, state, NULL, NULL, &site, NULL);
+     talloc_zfree(subreq);
+ 
+     if (ret != EOK || site == NULL) {
+diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
+index 84e5c42ac..ca6486e03 100644
+--- a/src/providers/ad/ad_id.c
++++ b/src/providers/ad/ad_id.c
+@@ -663,12 +663,12 @@ ad_enumeration_conn_done(struct tevent_req *subreq)
+         return;
+     }
+ 
+-    subreq = ad_master_domain_send(state, state->ev,
+-                                   state->id_ctx->ldap_ctx,
+-                                   state->sdap_op,
+-                                   state->sdom->dom->name);
++    subreq = ad_domain_info_send(state, state->ev,
++                                  state->id_ctx->ldap_ctx,
++                                  state->sdap_op,
++                                  state->sdom->dom->name);
+     if (subreq == NULL) {
+-        DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
++        DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
+         tevent_req_error(req, ret);
+         return;
+     }
+@@ -687,8 +687,8 @@ ad_enumeration_master_done(struct tevent_req *subreq)
+     char *master_sid;
+     char *forest;
+ 
+-    ret = ad_master_domain_recv(subreq, state,
+-                                &flat_name, &master_sid, NULL, &forest);
++    ret = ad_domain_info_recv(subreq, state,
++                              &flat_name, &master_sid, NULL, &forest);
+     talloc_zfree(subreq);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve master domain info\n");
+diff --git a/src/providers/ad/ad_resolver.c b/src/providers/ad/ad_resolver.c
+index b58f08ecf..c87706094 100644
+--- a/src/providers/ad/ad_resolver.c
++++ b/src/providers/ad/ad_resolver.c
+@@ -317,10 +317,10 @@ ad_resolver_enumeration_conn_done(struct tevent_req *subreq)
+         return;
+     }
+ 
+-    subreq = ad_master_domain_send(state, state->ev, id_ctx->conn,
+-                                   state->sdap_op, state->sdom->dom->name);
++    subreq = ad_domain_info_send(state, state->ev, id_ctx->conn,
++                                 state->sdap_op, state->sdom->dom->name);
+     if (subreq == NULL) {
+-        DEBUG(SSSDBG_OP_FAILURE, "ad_master_domain_send failed.\n");
++        DEBUG(SSSDBG_OP_FAILURE, "ad_domain_info_send failed.\n");
+         tevent_req_error(req, ret);
+         return;
+     }
+@@ -346,7 +346,7 @@ ad_resolver_enumeration_master_done(struct tevent_req *subreq)
+     char *forest;
+     struct ad_id_ctx *ad_id_ctx;
+ 
+-    ret = ad_master_domain_recv(subreq, state,
++    ret = ad_domain_info_recv(subreq, state,
+                                 &flat_name, &master_sid, NULL, &forest);
+     talloc_zfree(subreq);
+     if (ret != EOK) {
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 06fbdb0ef..c53962283 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -1756,8 +1756,8 @@ static void ad_subdomains_refresh_connect_done(struct tevent_req *subreq)
+     }
+ 
+     /* connect to the DC we are a member of */
+-    subreq = ad_master_domain_send(state, state->ev, state->id_ctx->conn,
+-                                   state->sdap_op, state->sd_ctx->domain_name);
++    subreq = ad_domain_info_send(state, state->ev, state->id_ctx->conn,
++                                 state->sdap_op, state->sd_ctx->domain_name);
+     if (subreq == NULL) {
+         tevent_req_error(req, ENOMEM);
+         return;
+@@ -1779,8 +1779,8 @@ static void ad_subdomains_refresh_master_done(struct tevent_req *subreq)
+     req = tevent_req_callback_data(subreq, struct tevent_req);
+     state = tevent_req_data(req, struct ad_subdomains_refresh_state);
+ 
+-    ret = ad_master_domain_recv(subreq, state, &flat_name, &master_sid,
+-                                NULL, &state->forest);
++    ret = ad_domain_info_recv(subreq, state, &flat_name, &master_sid,
++                              NULL, &state->forest);
+     talloc_zfree(subreq);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get master domain information "
+-- 
+2.21.3
+
diff --git a/SOURCES/0015-sysdb-make-new_subdomain-public.patch b/SOURCES/0015-sysdb-make-new_subdomain-public.patch
new file mode 100644
index 0000000..1c3a146
--- /dev/null
+++ b/SOURCES/0015-sysdb-make-new_subdomain-public.patch
@@ -0,0 +1,117 @@
+From 9aa26f6514220bae3b3314f830e3e3f95fab2cf9 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 21:18:13 +0200
+Subject: [PATCH 15/19] sysdb: make new_subdomain() public
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/db/sysdb.h                              | 18 ++++++++++++++++++
+ src/db/sysdb_private.h                      | 19 -------------------
+ src/tests/cmocka/test_negcache.c            |  1 -
+ src/tests/cmocka/test_nss_srv.c             |  1 -
+ src/tests/cmocka/test_responder_cache_req.c |  1 -
+ 5 files changed, 18 insertions(+), 22 deletions(-)
+
+diff --git a/src/db/sysdb.h b/src/db/sysdb.h
+index 64e546f5b..e4ed10b54 100644
+--- a/src/db/sysdb.h
++++ b/src/db/sysdb.h
+@@ -562,6 +562,24 @@ errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
+ errno_t sysdb_subdomain_content_delete(struct sysdb_ctx *sysdb,
+                                        const char *name);
+ 
++/* The utility function to create a subdomain sss_domain_info object is handy
++ * for unit tests, so it should be available in a headerr.
++ */
++struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
++                                      struct sss_domain_info *parent,
++                                      const char *name,
++                                      const char *realm,
++                                      const char *flat_name,
++                                      const char *id,
++                                      enum sss_domain_mpg_mode mpg_mode,
++                                      bool enumerate,
++                                      const char *forest,
++                                      const char **upn_suffixes,
++                                      uint32_t trust_direction,
++                                      struct confdb_ctx *confdb,
++                                      bool enabled);
++
++
+ errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+                              size_t *range_count,
+                              struct range_info ***range_list);
+diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
+index 3302919a6..70fe3fa18 100644
+--- a/src/db/sysdb_private.h
++++ b/src/db/sysdb_private.h
+@@ -196,25 +196,6 @@ int sysdb_replace_ulong(struct ldb_message *msg,
+ int sysdb_delete_ulong(struct ldb_message *msg,
+                        const char *attr, unsigned long value);
+ 
+-/* The utility function to create a subdomain sss_domain_info object is handy
+- * for unit tests, so it should be available in a header, but not a public util
+- * one, because the only interface for the daemon itself should be adding
+- * the sysdb domain object and calling sysdb_update_subdomains()
+- */
+-struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
+-                                      struct sss_domain_info *parent,
+-                                      const char *name,
+-                                      const char *realm,
+-                                      const char *flat_name,
+-                                      const char *id,
+-                                      enum sss_domain_mpg_mode mpg_mode,
+-                                      bool enumerate,
+-                                      const char *forest,
+-                                      const char **upn_suffixes,
+-                                      uint32_t trust_direction,
+-                                      struct confdb_ctx *confdb,
+-                                      bool enabled);
+-
+ /* Helper functions to deal with the timestamp cache should not be used
+  * outside the sysdb itself. The timestamp cache should be completely
+  * opaque to the sysdb consumers
+diff --git a/src/tests/cmocka/test_negcache.c b/src/tests/cmocka/test_negcache.c
+index 3ed1cb14a..b3a379227 100644
+--- a/src/tests/cmocka/test_negcache.c
++++ b/src/tests/cmocka/test_negcache.c
+@@ -38,7 +38,6 @@
+ #include "util/util_sss_idmap.h"
+ #include "lib/idmap/sss_idmap.h"
+ #include "util/util.h"
+-#include "db/sysdb_private.h"
+ #include "responder/common/responder.h"
+ #include "responder/common/negcache.h"
+ 
+diff --git a/src/tests/cmocka/test_nss_srv.c b/src/tests/cmocka/test_nss_srv.c
+index 3cd7809cf..99ba02a80 100644
+--- a/src/tests/cmocka/test_nss_srv.c
++++ b/src/tests/cmocka/test_nss_srv.c
+@@ -36,7 +36,6 @@
+ #include "util/crypto/sss_crypto.h"
+ #include "util/crypto/nss/nss_util.h"
+ #include "util/sss_endian.h"
+-#include "db/sysdb_private.h"   /* new_subdomain() */
+ #include "db/sysdb_iphosts.h"
+ #include "db/sysdb_ipnetworks.h"
+ 
+diff --git a/src/tests/cmocka/test_responder_cache_req.c b/src/tests/cmocka/test_responder_cache_req.c
+index 2611c589b..68a651240 100644
+--- a/src/tests/cmocka/test_responder_cache_req.c
++++ b/src/tests/cmocka/test_responder_cache_req.c
+@@ -27,7 +27,6 @@
+ #include "tests/cmocka/common_mock_resp.h"
+ #include "db/sysdb.h"
+ #include "responder/common/cache_req/cache_req.h"
+-#include "db/sysdb_private.h"   /* new_subdomain() */
+ 
+ #define TESTS_PATH "tp_" BASE_FILE_STEM
+ #define TEST_CONF_DB "test_responder_cache_req_conf.ldb"
+-- 
+2.21.3
+
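Review bot: The comment added above `new_subdomain()` in `src/db/sysdb.h` misspells "header" as "headerr" and drops the caveat the removed `sysdb_private.h` comment carried, namely that the daemon's only interface should be adding the sysdb domain object and calling `sysdb_update_subdomains()`. With the prototype now visible to every includer of `sysdb.h`, nothing tells a caller whether building an `sss_domain_info` directly is an accepted path or still meant for tests only. If the restriction still applies (this cannot be confirmed from the hunk alone), I would keep it in the public comment, for example `/* Creates a subdomain sss_domain_info object; daemon code should normally add the sysdb domain object and call sysdb_update_subdomains() instead. */`. If a later patch in the series deliberately calls it from provider code, the comment should instead state what the caller is responsible for, such as the ownership of `mem_ctx` and which arguments may be NULL. The hunk also adds two blank lines after the prototype where the surrounding declarations use one.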
diff --git a/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch b/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch
deleted file mode 100644
index 54eb096..0000000
--- a/SOURCES/0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-From 9ba6f33ee78e1c15847f11b8f75f8a8413034875 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= <ppolawsk@redhat.com>
-Date: Tue, 3 Dec 2019 04:13:53 +0100
-Subject: [PATCH] sysdb_sudo: Enable LDAP time format compatibility
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-LDAP specification allows to ommit seconds and minutes
-in time border definition. In that case they defaults to zeros.
-Current sssd.sudo implementation requires precision up to
-seconds in time definition. This commit allows to lower
-the precision up to hours.
-
-Resolves:
-https://pagure.io/SSSD/sssd/issue/4118
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/db/sysdb_sudo.c | 16 ++++++++++++++++
- 1 file changed, 16 insertions(+)
-
-diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
-index 59d6824c0..18088b017 100644
---- a/src/db/sysdb_sudo.c
-+++ b/src/db/sysdb_sudo.c
-@@ -55,6 +55,22 @@ static errno_t sysdb_sudo_convert_time(const char *str, time_t *unix_time)
-                              "%Y%m%d%H%M%S.0%z",
-                              "%Y%m%d%H%M%S,0Z",
-                              "%Y%m%d%H%M%S,0%z",
-+                             /* LDAP specification says that minutes and seconds
-+                                might be omitted and in that case these are meant
-+                                to be treated as zeros [1].
-+                             */
-+                             "%Y%m%d%H%MZ",    /* Discard seconds */
-+                             "%Y%m%d%H%M%z",
-+                             "%Y%m%d%H%M.0Z",
-+                             "%Y%m%d%H%M.0%z",
-+                             "%Y%m%d%H%M,0Z",
-+                             "%Y%m%d%H%M,0%z",
-+                             "%Y%m%d%HZ",    /* Discard minutes and seconds*/
-+                             "%Y%m%d%H%z",
-+                             "%Y%m%d%H.0Z",
-+                             "%Y%m%d%H.0%z",
-+                             "%Y%m%d%H,0Z",
-+                             "%Y%m%d%H,0%z",
-                              NULL};
- 
-     for (format = formats; *format != NULL; format++) {
--- 
-2.20.1
-
diff --git a/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch b/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
new file mode 100644
index 0000000..a71043c
--- /dev/null
+++ b/SOURCES/0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
@@ -0,0 +1,89 @@
+From 2bad4d4b299440d33919a9fdb8c4d75814583e12 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 21:24:42 +0200
+Subject: [PATCH 16/19] ad: rename ads_get_root_id_ctx() to ads_get_dom_id_ctx
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since the function can be used to get the id ctx of any domain the
+'root' is removed from the name.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_subdomains.c | 32 ++++++++++++++++----------------
+ 1 file changed, 16 insertions(+), 16 deletions(-)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index c53962283..a9a552ff7 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -1231,37 +1231,37 @@ static errno_t ad_get_slave_domain_recv(struct tevent_req *req)
+ }
+ 
+ static struct ad_id_ctx *
+-ads_get_root_id_ctx(struct be_ctx *be_ctx,
+-                    struct ad_id_ctx *ad_id_ctx,
+-                    struct sss_domain_info *root_domain,
+-                    struct sdap_options *opts)
++ads_get_dom_id_ctx(struct be_ctx *be_ctx,
++                   struct ad_id_ctx *ad_id_ctx,
++                   struct sss_domain_info *domain,
++                   struct sdap_options *opts)
+ {
+     errno_t ret;
+     struct sdap_domain *sdom;
+-    struct ad_id_ctx *root_id_ctx;
++    struct ad_id_ctx *dom_id_ctx;
+ 
+-    sdom = sdap_domain_get(opts, root_domain);
++    sdom = sdap_domain_get(opts, domain);
+     if (sdom == NULL) {
+         DEBUG(SSSDBG_OP_FAILURE,
+-              "Cannot get the sdom for %s!\n", root_domain->name);
++              "Cannot get the sdom for %s!\n", domain->name);
+         return NULL;
+     }
+ 
+     if (sdom->pvt == NULL) {
+-        ret = ad_subdom_ad_ctx_new(be_ctx, ad_id_ctx, root_domain,
+-                                   &root_id_ctx);
++        ret = ad_subdom_ad_ctx_new(be_ctx, ad_id_ctx, domain,
++                                   &dom_id_ctx);
+         if (ret != EOK) {
+             DEBUG(SSSDBG_OP_FAILURE, "ad_subdom_ad_ctx_new failed.\n");
+             return NULL;
+         }
+ 
+-        sdom->pvt = root_id_ctx;
++        sdom->pvt = dom_id_ctx;
+     } else {
+-        root_id_ctx = sdom->pvt;
++        dom_id_ctx = sdom->pvt;
+     }
+ 
+-    root_id_ctx->ldap_ctx->ignore_mark_offline = true;
+-    return root_id_ctx;
++    dom_id_ctx->ldap_ctx->ignore_mark_offline = true;
++    return dom_id_ctx;
+ }
+ 
+ struct ad_get_root_domain_state {
+@@ -1403,9 +1403,9 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+         goto done;
+     }
+ 
+-    state->root_id_ctx = ads_get_root_id_ctx(state->be_ctx,
+-                                             state->sd_ctx->ad_id_ctx,
+-                                             root_domain, state->opts);
++    state->root_id_ctx = ads_get_dom_id_ctx(state->be_ctx,
++                                            state->sd_ctx->ad_id_ctx,
++                                            root_domain, state->opts);
+     if (state->root_id_ctx == NULL) {
+         DEBUG(SSSDBG_OP_FAILURE, "Cannot create id ctx for the root domain\n");
+         ret = EFAULT;
+-- 
+2.21.3
+
diff --git a/SOURCES/0016-zanata-Pulled-new-translations.patch b/SOURCES/0016-zanata-Pulled-new-translations.patch
deleted file mode 100644
index 34285fa..0000000
--- a/SOURCES/0016-zanata-Pulled-new-translations.patch
+++ /dev/null
@@ -1,65451 +0,0 @@
-From 9b5ad094419a8b557477f52d9f59653a30e36aac Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Michal=20=C5=BDidek?= <mzidek@redhat.com>
-Date: Wed, 12 Feb 2020 23:32:46 +0100
-Subject: [PATCH] zanata: Pulled new translations
-
----
- po/bg.po                 |  377 +++++++------
- po/ca.po                 |  377 +++++++------
- po/de.po                 |  377 +++++++------
- po/es.po                 |  395 ++++++-------
- po/eu.po                 |  376 +++++++------
- po/fr.po                 |  785 ++++++++++++++------------
- po/hu.po                 |  376 +++++++------
- po/id.po                 |  377 +++++++------
- po/it.po                 |  377 +++++++------
- po/ja.po                 |  503 +++++++++--------
- po/nb.po                 |  376 +++++++------
- po/nl.po                 |  377 +++++++------
- po/pl.po                 |  411 +++++++-------
- po/pt.po                 |  377 +++++++------
- po/pt_BR.po              |  376 +++++++------
- po/ru.po                 |  377 +++++++------
- po/sssd.pot              |  376 +++++++------
- po/sv.po                 |  395 ++++++-------
- po/tg.po                 |  376 +++++++------
- po/tr.po                 |  376 +++++++------
- po/uk.po                 |  414 +++++++-------
- po/zh_CN.po              |  376 +++++++------
- po/zh_TW.po              |  377 +++++++------
- src/man/po/br.po         |  576 ++++++++++---------
- src/man/po/ca.po         |  720 +++++++++++-------------
- src/man/po/cs.po         |  604 ++++++++++----------
- src/man/po/de.po         |  754 +++++++++++--------------
- src/man/po/es.po         |  869 ++++++++++++++---------------
- src/man/po/eu.po         |  560 ++++++++++---------
- src/man/po/fi.po         |  590 ++++++++++----------
- src/man/po/fr.po         |  740 +++++++++++--------------
- src/man/po/ja.po         |  687 +++++++++++------------
- src/man/po/lv.po         |  580 ++++++++++---------
- src/man/po/nl.po         |  606 ++++++++++----------
- src/man/po/pt.po         |  613 ++++++++++----------
- src/man/po/pt_BR.po      |  560 ++++++++++---------
- src/man/po/ru.po         |  577 ++++++++++---------
- src/man/po/sssd-docs.pot |  538 ++++++++++--------
- src/man/po/sv.po         |  948 ++++++++++++-------------------
- src/man/po/tg.po         |  572 ++++++++++---------
- src/man/po/uk.po         | 1137 ++++++++++++++++++--------------------
- src/man/po/zh_CN.po      |  576 ++++++++++---------
- 42 files changed, 11116 insertions(+), 10995 deletions(-)
-
-diff --git a/po/bg.po b/po/bg.po
-index 831ee28b8..fe9b87e90 100644
---- a/po/bg.po
-+++ b/po/bg.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:44+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Bulgarian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -699,7 +699,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "LDAP филтър за определяне права на достъп"
- 
-@@ -770,737 +770,746 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Адрес на Kerberos сървър"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos област"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Директория за съхранение на кеша за данни за удостоверяване"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Местоположение на кеша за данни за удостоверяване на потребители"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Местоположение на keytab за валидиране на данните за удостоверяване"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Разреши проверката на данните за удостоверяване"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "Записва паролата ако е офлайн за по-късно удостоверяване"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr "Сървърът, на който работи услугата за смяна на парола ако не е на KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, URI на LDAP сървъра"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Базовият DN по подразбиране"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Използваният тип схема на LDAP сървъра, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Подразбиращият се bind DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Продължителност на опитите за свързване"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Продължителност на опитите за синхронни LDAP операции"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Продължителност на времето между опитите за връзка докато е офлайн"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Файл, съдържащ CA сертификати"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Път до директорията на CA сертификат"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Изисква TLS проверка на сертификат"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Задава за използване механизма sasl"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Задаване на sasl authorization id за употреба"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Задаване на sasl authorization id за употреба"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "keytab на Kerberos услуга"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Ползвай Kerberos auth за LDAP връзка"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Следвай LDAP референциите"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Продължителност на живот на TGT за LDAP връзка"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Продължителност на време за изчакване на заявка за търсене"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Продължителност на време между актуализации на изброяване"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Изисква TLS за ИД справките"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "атрибут  Потребителско име"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "атрибут UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "атрибут Първичен GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "атрибут GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "атрибут Домашна директория"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "атрибут Команден интерпретатор"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "атрибут User principal (за Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Пълно име"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "атрибут членНа"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "атрибут Момент на промяна"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Политика за определяне срок на валидност на парола"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Списък разрешени потребители, разделени със запетая"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Списък забранени потребители, разделени със запетая"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Подразбиращ се команден интерпретатор, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Място за домашните директории"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/ca.po b/po/ca.po
-index c0127b109..a7a8f9b34 100644
---- a/po/ca.po
-+++ b/po/ca.po
-@@ -14,7 +14,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2017-10-15 03:02+0000\n"
- "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
- "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
-@@ -767,7 +767,7 @@ msgid "Active Directory client hostname"
- msgstr "Nom d'amfitrió del client d'Active Directory"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtre LDAP per determinar els privilegis d'accés"
- 
-@@ -855,217 +855,226 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Adreça del servidor Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adreça del servidor Kerberos de reserva"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Reialme Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Temps d'expiració de l'autenticació"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Si es creen els fitxers kdcinfo"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Si es rebutgen les parts de la configuració del krb5"
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Directori per emmagatzemar la memòria cau de les credencials"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Ubicació de la memòria cau de les credencials de l'usuari"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Ubicació de la clau per validar les credencials"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Habilita la validació de credencials"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Emmagatzema la contrasenya si s'està desconnectat per a l'autenticació "
- "posterior amb connexió"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Temps de vida renovable del TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Temps de vida del TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Temps entre les dues comprovacions per a la renovació"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Habilita FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Selecciona el principal per utilitzar amb FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Habilita la canonització del principal"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Habilita els principals empresarials"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Servidor on es troba el servei de canvi de contrasenya si no està al KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, L'URI del servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, L'URI del servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "El DN base per defecte"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "El tipus d'esquema en ús al servidor LDAP, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "El DN de creació del vincle per defecte"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- "El tipus del testimoni d'autenticació del DN de creació del vincle per "
- "defecte"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "El testimoni d'autenticació del DN de creació del vincle per defecte"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Període de temps per intentar una connexió"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Període de temps per intentar operacions LDAP asíncrones"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Període de temps entre els intents per tornar a connectar mentre s'està "
- "desconnectat"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Utilitza només majúscules pels noms de reialme"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Fitxer que conté els certificats de l'AC"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Camí al directori del certificat de l'AC"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Fitxer que conté el certificat de client"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Fitxer que conté la clau de client"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Llista de paquets de xifrat possibles"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Requereix verificació de certificat TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Especifica el mecanisme SASL a utilitzar"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Especifica l'id. d'autorització SASL a utilitzar"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Especifica el reialme d'autorització SASL a utilitzar"
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Especifica el SSF mínim per a l'autorització SASL de LDAP"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Taula de claus del servei del Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Utilitza l'autenticació Kerberos per a la connexió LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Segueix les referències LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Temps de vida del TGT per la connexió LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Com desreferenciar els àlies"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Nom del servei per a la recerca del servei del DNS"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "El nombre de registres a recuperar en una sola consulta LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "El nombre de membres que han de faltar per activar una de-referència completa"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1073,384 +1082,384 @@ msgstr ""
- "Si la biblioteca LDAP hauria de realitzar una recerca inversa per canonitzar "
- "el nom d'amfitrió durant la creació del vincle SASL"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "L'atribut entryUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "L'atribut lastUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Quant de temps s'ha de retenir una connexió al servidor LDAP abans de "
- "desconnectar"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Inhabilita el control de paginació LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Inhabilita la recuperació de l'interval de l'Active Directory"
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Període de temps per esperar una petició de cerca"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Període de temps per esperar una petició d'enumeració"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Període de temps entre les actualitzacions de les enumeracions"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Període de temps entre les neteges de la memòria cau"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Requereix TLS per a la recerca d'id."
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- "Utilitza l'assignació dels id. de l'objectSID en lloc dels id. pre-establerts"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "DN base per a la recerca de l'usuari"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Abast de la recerca de l'usuari"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtre per a la recerca de l'usuari"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass per als usuaris"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "L'atribut nom d'usuari"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "L'atribut UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "L'atribut GID primari"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "L'atribut GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "L'atribut directori inicial"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "L'atribut shell"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "L'atribut UUID"
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "L'atribut objectSID"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "L'atribut grup primari de l'Active Directory per a l'assignació d'id."
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "L'atribut usuari principal (per a Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nom complet"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "L'atribut memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "L'atribut data de modificació"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "L'atribut shadowLastChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "L'atribut shadowMin"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "L'atribut shadowMax"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "L'atribut shadowWarning"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "L'atribut shadowInactive"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "L'atribut shadowExpire"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "L'atribut shadowFlag"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "L'atribut que llista els serveis PAM autoritzats"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "L'atribut que llista els amfitrions dels servidors autoritzats"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "L'atribut krbLastPwdChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "L'atribut krbPasswordExpiration"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "L'atribut que indica l'activació de les polítiques de contrasenya de servidor"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "L'atribut accountExpires de l'AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "L'atribut userAccountControl de l'AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "L'atribut nsAccountLock"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "L'atribut loginDisabled del NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "L'atribut loginExpirationTime del NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "L'atribut loginAllowedTimeMap del NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "L'atribut clau pública SSH"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr "atribut que llista els tipus permesos d'autenticació per a un usuari"
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "atribut que conté el certificat X509 de l'usuari"
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Una llista dels atributs extres per baixar juntament amb l'entrada de "
- "l'usuari"
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "DN base per a la recerca del grup"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "L'objectclass per als grups"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Nom del grup"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Contrasenya del grup"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "L'atribut GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "L'atribut membre del grup"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "L'atribut UUID del grup"
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "L'atribut data de modificació per als grups"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Tipus del grup i altres senyals"
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "DN base per a la recerca del grup de xarxa"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "L'objectclass per als grups de xarxa"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nom de grup de xarxa"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "L'atribut membres del grup de xarxa"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "L'atribut triple del grup de xarxa"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "L'atribut data de modificació per als grups de xarxa"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "DN base per a la recerca del servei"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Objectclass per als serveis"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "L'atribut nom del servei"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "L'atribut port del servei"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "L'atribut protocol del servei"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Límit inferior per a l'assignació d'id."
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Límit superior per a l'assignació d'id."
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Nombres d'id. per cada porció en l'assignació d'id."
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Utilitza l'algoritme compatible d'autorid per a l'assignació d'id."
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Nom del domini per defecte per a l'assignació d'id."
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID del domini per defecte per a l'assignació d'id."
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Si s'utilitzen els grups amb testimonis"
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Estableix el límit inferior per als id. permesos del servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Estableix el límit superior per als id. permesos del servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN per a les consultes ppolicy"
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Política per avaluar el venciment de la contrasenya"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Quins atributs s'haurien d'utilitzar per avaluar si el compte ha vençut"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Quines regles s'haurien d'utilitzar per avaluar el control d'accés"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "URI d'un servidor LDAP on es permeten els canvis de contrasenya"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- "URI d'un servidor LDAP de reserva on es permeten els canvis de contrasenya"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "Nom del servei DNS pel servidor LDAP de canvi de contrasenyes"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1458,23 +1467,23 @@ msgstr ""
- "Si s'actualitza l'atribut ldap_user_shadow_last_change després d'un canvi de "
- "contrasenya"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "DN base per a la recerca de les regles sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Període d'actualització automàtica completa"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Període d'actualització automàtica intel·ligent"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr "Si es filtren les regles per nom d'amfitrió, adreça IP i xarxa"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1482,143 +1491,143 @@ msgstr ""
- "Noms d'amfitrió i/o noms de domini plenament qualificat d'aquesta màquina "
- "per filtrar les regles de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "Adreces IPv4 o IPv6 o xarxa d'aquesta màquina per filtrar regles de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Si s'inclouen les regles que contenen el grup de xarxa a l'atribut de "
- "l'amfitrió"
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Si s'inclouen les regles que contenen expressions regulars a l'atribut de "
- "l'amfitrió"
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objectclass de les regles sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Nom de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Attribut command de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "L'atribut host de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "L'atribut user de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "L'atribut option de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "L'atribut runas de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "L'atribut runasuser de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "L'atribut runasgroup de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "L'atribut notbefore de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "L'atribut notafter de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "L'atribut order de la regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Objectclass per a les assignacions de l'eina de muntatge automàtic"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "L'atribut nom de l'assignació de l'eina de muntatge automàtic"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- "Objectclass per a les entrades de les assignacions de l'eina de muntatge "
- "automàtic"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- "L'atribut clau d'entrada de l'assignació de l'eina de muntatge automàtic"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- "L'atribut valor de l'entrada de l'assignació l'eina de muntatge automàtic"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- "DN base per a la recerca de l'assignació de l'eina de muntatge automàtic"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Llista separada per comes dels usuaris autoritzats"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Llista separada per comes dels usuaris no autoritzats"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "El shell predeterminat, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Base per als directoris inicials"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "El nom de la biblioteca NSS a utilitzar"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- "Si se cerca el nom del grup canònic des de la memòria cau, si és possible"
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Pila PAM a utilitzar"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/de.po b/po/de.po
-index 644ede9bf..fc3fecde5 100644
---- a/po/de.po
-+++ b/po/de.po
-@@ -10,7 +10,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:45+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
-@@ -754,7 +754,7 @@ msgid "Active Directory client hostname"
- msgstr "Hostname des Active-Directory-Clients"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "LDAP-Filter zum Bestimmen der Zugriffsprivilegien"
- 
-@@ -825,213 +825,222 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos-Serveradresse"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adresse des Ersatz-Kerberos-Servers"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos-Realm"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Zeitüberschreitung bei Authentifizierung"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Gibt an, ob kdcinfo-Dateien angelegt werden"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Verzeichnis zum Speichern der Anmeldedaten"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Ort des Zwischenspeichers für die Anmeldedaten des Benutzers"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Ort der Schlüsseltabelle zum Überprüfen von Anmeldedaten"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Validierung der Anmeldedaten aktivieren"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "Passwort im Offline-Modus für spätere Online-Anmeldung speichern"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Erneuerung der Lebensdauer des TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Lebensdauer des TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Zeitspanne zwischen zwei Prüfungen, ob Erneuerung nötig ist"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Aktiviert FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Wählt den für FAST zu verwendenden Principal aus"
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Aktiviert Kanonisierung des Principals"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Enterprise-Principals aktivieren"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Server, auf dem der Dienst zum Ändern des Passworts läuft, falls nicht KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, die URI des LDAP-Servers"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, die URI des LDAP-Servers"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Vorgegebene Basis-DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Der vom LDAP-Server verwendete Schema-Typ gemäß RFC2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Vorgegebene Bind-DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Typ des Authentifizierungs-Tokens der vorgegebenen Bind-DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Authentifizierungs-Token für die vorgegebene Bind-DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Zeitspanne für einen Verbindungsversuch"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Zeitspanne für Versuche zur Ausführung synchroner LDAP-Vorgänge"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Zeitspanne zwischen Versuchen zum erneuten Verbindungsaufbau im Offline-Modus"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Nur Großschreibung für Realm-Namen verwenden"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Datei, die CA-Zertifikate enthält"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Pfad zum CA-Zertifikatverzeichnis"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Datei, die das Client-Zertifikat enthält"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Datei, die den Client-Schlüssel enthält"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Liste der möglichen Verschlüsselungs-Suites"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "TLS-Zertifikatüberprüfung erforderlich machen"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Zu verwendenden sasl-Mechanismus angeben"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Zu verwendende ID für sasl-Authentifizierung angeben"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Zu verwendenden Realm für sasl-Authentifizierung angeben"
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Gibt den minimalen SSF für die SASL-Authentifizierung über LDAP an"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Schlüsseltabelle des Kerberos-Dienstes"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Kerberos-Authentifizierung für LDAP-Verbindung verwenden"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "LDAP-Verweisen folgen"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Lebensdauer von TGT für LDAP-Verbindung"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Dereferenzierung von Aliasen"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Dienstname für DNS-Service-Suchanfragen"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Anzahl der in einer einzelnen LDAP-Abfrage zu holenden Datensätze"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Anzahl der Elemente, die fehlen müssen, um eine vollständige "
- "Dereferenzierung auszulösen"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1039,383 +1048,383 @@ msgstr ""
- "Gibt an, ob die LDAP-Bibliothek eine Rückwärtssuche ausführen soll, um den "
- "Rechnernamen während einer SASL-Bindung zu kanonisieren"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Zeitspanne zum Halten einer Verbindung zum LDAP-Server, bis diese "
- "unterbrochen wird"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "LDAP-Paging-Steuerung deaktivieren"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Bereichsermittlung für Active Directory deaktivieren"
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Zeitspanne zum Warten auf eine Suchanfrage"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Zeitspanne zum Warten auf eine Auflistungsanfrage"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Zeitspanne zwischen Auflistungsanfragen"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Zeitspanne zwischen den Leerungen des Zwischenspeichers"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "TLS für ID-Suchvorgänge erforderlich machen"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "ID-Zuweisung von objectSID anstelle von voreingestellten IDs verwenden"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Basis-DN für Benutzer-Suchanfragen"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Bereich für Benutzer-Suchanfragen"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filter für Benutzer-Suchanfragen"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objektklasse für Benutzer"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Benutzername-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Primäres GID-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Home-Verzeichnis-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Shell-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID -Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Active-Directory-Primärgruppen-Attribut für ID-Zuweisung"
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Principal-Attribut verwenden (für Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Vollständiger Name"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "memberOf-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Änderungszeit-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "shadowLastChange-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Attribut, welches die autorisierten PAM-Dienste auflistet"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Attribut, welches die autorisierten Server-Hosts auflistet"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "krbLastPwdChange-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "Attribut, welches angibt, dass die serverseitigen Passwortregeln aktiv sind"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "accountExpires-Attribut von AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "userAccountControl-Attribut von AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "nsAccountLock-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "loginDisabled-Attribut von NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "loginExpirationTime-Attribut von NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "loginAllowedTimeMap-Attribut von NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Attribut für öffentlichen SSH-Schlüssel"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Eine Liste der zusätzlich herunterzuladender Attribute zusammen mit dem "
- "Benutzereintrag"
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Basis-DN für Gruppen-Suchanfragen"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Objektklasse für Gruppen"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Gruppenname"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Gruppenpasswort"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Gruppen-ID-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Gruppen-Mitgliedschafts-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Änderungszeit-Attribut für Gruppen"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Typ der Gruppe und weitere Flags"
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Basis-DN für Netzgruppen-Suchanfragen"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Objektklasse für Netzgruppen"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Netzgruppenname"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Netzgruppen-Mitglieder-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Netzgruppen-Tripel-Attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Änderungszeit-Attribut für Netzgruppen"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Basis-DN für Dienste-Suchanfragen"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Objektklasse für Dienste"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Name-Attribut des Dienstes"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Port-Attribut des Dienstes"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Protokoll-Attribut des Dienstes"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Untere Grenze für ID-Zuweisung"
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Obere Grenze für ID-Zuweisung"
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Anzahl der IDs für jeden Teil bei der ID-Zuweisung"
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "autorid-kompatiblen Algorithmus für ID-Zuweisung verwenden"
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Name der Vorgabe-Domain für ID-Zuweisung"
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID der Vorgabedomain für ID-Zuweisung"
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Verwendung von Token-Gruppen"
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Untere Grenze für zulässige IDs des LDAP-Servers angeben"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Obere Grenze für zulässige IDs des LDAP-Servers angeben"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Regel zum Ermitteln der Ablaufzeit des Passworts"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Attribute, die bei der Ermittlung verwendet werden, ob ein Konto abgelaufen "
- "ist"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Regeln für die Ermittlung der Zugriffskontrolle"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "URI eines LDAP-Servers, wo Passwortänderungen zulässig sind"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "URI eines Ersatz-LDAP-Servers, wo Passwortänderungen zulässig sind"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "DNS-Dienstname für den LDAP-Passwortänderungsserver"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1423,25 +1432,25 @@ msgstr ""
- "Gibt an, ob das Attribut ldap_user_shadow_last_change nach einer "
- "Passwortänderung aktualisiert werden soll"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Basis-DN für Suchanfragen nach Sudo-Regeln"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Periode für automatische vollständige Aktualisierung"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Periode für bedingte vollständige Aktualisierung"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "Gibt an, ob Regeln nach Hostnamen, IP-Adressen oder Netzwerken gefiltert "
- "werden sollen"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1449,140 +1458,140 @@ msgstr ""
- "Hostnamen und/oder voll ausgeschriebene Domain-Namen dieses Rechners zum "
- "Filtern von Sudo-Regeln"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "IPv4- oder IPv6-Adressen oder Netzwerk dieses Rechners zum Filtern von sudo-"
- "Regeln"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die "
- "Netzgruppen enthalten"
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Gibt an, ob Regeln im Host-Attribut einbezogen werden sollen, die reguläre "
- "Ausdrücke enthalten"
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objektklasse für Sudo-Regeln"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Sudo-Regelname"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Befehlsattribut der Sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Host-Attribut der Sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Benutzer-Attribut der Sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Optionsattribut der Sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "runasuser-Attribut der Sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "runasgroup-Attribut der Sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "notbefore-Attribut der Sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "notafter-Attribut der sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Reihenfolge-Attribut der Sudo-Regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Objektklasse für Automounter-Zuweisungen"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Name-Attribut der Automounter-Zuweisung"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Objektklasse für Einträge von Automounter-Zuweisungen"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Schlüssel-Attribut des Automounter-Zuweisungseintrags"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Wert-Attribut des Automounter-Zuweisungseintrags"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Basis-DN für Suchanfragen nach Automounter-Zuweisungen"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Durch Kommata getrennte Liste der erlaubten Benutzer"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Durch Kommata getrennte Liste der verbotenen Benutzer"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Vorgabeshell, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Wurzel für Benutzerverzeichnisse"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Name der zu verwendenden NSS-Bibliothek"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- "Gibt an, ob wenn möglich im Zwischenspeicher nach dem kanonischen "
- "Gruppennamen gesucht werden soll"
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Zu verwendender PAM-Stapel"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/es.po b/po/es.po
-index d5dee5ecb..d3b5a5eff 100644
---- a/po/es.po
-+++ b/po/es.po
-@@ -18,7 +18,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2019-08-26 09:45+0000\n"
- "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
- "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
-@@ -794,7 +794,7 @@ msgid "Active Directory client hostname"
- msgstr "Nombre de host del cliente de Active Directory"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtro LDAP para determinar privilegios de acceso"
- 
-@@ -884,215 +884,224 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr "Opción para afinar la tarea de renovación de la cuenta de la máquina"
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Dirección del servidor Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Dirección del servidor de respaldo Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Reinado Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Expiración de la autenticación"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Si se crean ficheros kdcinfo"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Dónde soltar los fragmentos de configuración de krb5"
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Directorio donde almacenar las credenciales cacheadas"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Ubicación del caché de credenciales del usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Ubicación de la tabla de claves para validar las credenciales"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Habilitar la validación de credenciales"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Si se encuentra desconectado, almacena contraseñas para más tarde realizar "
- "una autenticación en línea"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "ciclo de vida renovable del TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "ciclo de vida del TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "tiempo entre dos comprobaciones para renovación "
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Habilita FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Selecciona el principal  para su uso por FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Habilita canonicalización principal"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Permite los principios de la empresa"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- "Un mapeo desde los nombres de usuario a los nombres de principal de Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "El servidor en donde está ejecutándose el servicio de modificación de "
- "contraseña, en caso de no ser KDC. "
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, El URI del servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, La URI del servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "DN base predeterminado"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "El Tipo de Esquema a usar en el servidor LDAP, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "Modo usado para cambiar la contraseña de usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "El DN Bind predeterminado"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "El tipo del token de autenticación del DN bind predeterminado"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "El token de autenticación del DN bind predeterminado"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Tiempo durante el que se intentará la conexión"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Tiempo durante el que se intentará operaciones LDAP sincrónicas"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Tiempo entre intentos de reconexión cuando esté fuera de línea"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Use solo el caso superior para nombres reales"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Archivo que contiene los certificados CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Ruta hacia un directorio certificado CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Fichero que contiene el certificado de cliente"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Fichero que contiene la llave de cliente"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lista de posibles suites de cifrado"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Requiere la verificación de certificado TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Especificar el mecanismo sasl a usar"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Especifique el id de autorización sasl a usar"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Especifica el reinado de autorización sasl a ser utilizado"
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Especificar los SSF mínimos para autorizaciones sasl de LDAP"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Tabla de clave del servicio Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Usar auth Kerberos para la conexión LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Seguir referencias LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Período de vida del TGT para la conexión LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Como eliminar aliases"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Nombre de servicio para busquedas de servicios DNS"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "La cantidad de registros a ser obtenidos en una única consulta LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "La cantidad de miembros que deben faltar para desencadenar una deref completa"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1100,389 +1109,389 @@ msgstr ""
- "Si la Biblioteca LDAP debería realizar una búsqueda inversa para "
- "canonicalizar el nombre del host durante un enlace SASL"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "atributo entryUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "atributo lastUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "El período de tiempo máximo para retener una conexión con el servidor LDAP "
- "antes de desconectar"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Deshabilita el control de paginación LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Deshabilitar el rango de recuperación Active Directory"
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Tiempo máximo a esperar un pedido de búsqueda"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "periodo de espera para solicitud de enumeración"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Tiempo en segundos entre las actualizaciones de enumeración"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "periodo de tiempo entre borrados de la caché"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Requiere TLS para búsquedas de ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "Usar el mapeado ID de objectSID en lugar de las IDs preajustadas"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "DN base para búsquedas de usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Ambito de las búsquedas del usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtro para las búsquedas del usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass para los usuarios"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Atributo Username"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Atributo UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Atributo GID primario"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Atributo GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Atributo Directorio de inicio"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Atributo shell"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "Atributo UUID"
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "Atributo objectSID"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Atributo primario del grupo Active Directory para el mapeado de ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Atributo principal del usuario (para Kerberos) "
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nombre completo"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Atributo memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Atributo hora de modificación"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "atributo shadowLastChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "atributo shadowMin "
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "atributo shadowMax"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "atributo shadowWarning "
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "atributo shadowInactive "
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "atributo shadowExpire"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "atributo shadowFlag "
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "listado de atributos de servicios PAM autorizados"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Atributo de listado de equipos de servidor autorizados"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "Atributo listando los rhosts de los servidores autorizados"
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "atributo krbLastPwdChange "
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "atributo krbPasswordExpiration "
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "atributo indicando que las políticas de contraseña del lado del servidor "
- "están activas"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "atributo accountExpires de AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "atributo userAccountControl de AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "atributo nsAccountLock "
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "loginDisabled atributo de NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "loginExpirationTime atributo de NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "loginAllowedTimeMap atributo de NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Atributo de clave pública SSH"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- "atributo listando los tipos de autenticación permitidos para un usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "atributo conteniendo el certificado X509 del usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "atributo que contiene la dirección de correo electrónico del usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Una lista de los atributos extra a descargar junto con la entrada del usuario"
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "DN base para busqueda de grupos"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "clase objeto para"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Nombre del grupo"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Contraseña del grupo"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Atributo GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Atributo de miembro del grupo"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "Atributo UUID de grupo"
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Atributo de modificación de tiempo para los grupos"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Tipo del grupo y otras banderas"
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "Atributo de miembro de grupo externo LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "Máximo nivel de anidamiento que seguirá SSSD"
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "DN base para búsquedas de grupos de red"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Clases de objetos para grupos de red"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nombre de grupo de red"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Atributo de miembros de grupos de red"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Atributo triple de grupo de red"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Atributo de modificación de tiempo para grupos de red"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Base DN para servicio de búsquedas"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Clase de objeto para servicio"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Atributo de nombre de servicio"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Atributo de puerto de servicio"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Atributo de protocolo de servidor"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Límite más bajo para el mapeo de ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Límite más alto para el mapeo de ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Número de IDs por cada trozo cuando se mapean ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Usar el algoritmo compatible con autorid para el mapeo de ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Nombre del dominio por defecto para el mapeo de ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID del dominio por defecto para el mapeo de ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "Número de trozos secundarios"
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Si usar Token-Groups"
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Fijar el límite más bajo de IDs permitidas desde el servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- "Fijar el límite más alto para las IDs permitidas desde el servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN para consultas ppolicy"
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr "Máximas entradas a recuperar durante una solicitud de comodín"
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Política para evaluar el vencimiento de la contraseña"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Los atributos que deberán ser utilizados para evaluar si una cuenta ha "
- "expirado"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Las reglas que deberían ser utilizadas para evaluar control de acceso"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- "URI de un servidor LDAP donde se permite la modificación de contraseñas"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- "URI de un servidor de respaldo LDAP donde están permitidos los cambios de "
- "contraseña"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- "Nombre del servicio DNS para el servidor de modificación de contraseñas LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1490,23 +1499,23 @@ msgstr ""
- "Si actualizar el atributo ldap_user_shadow_last_change después de un cambio "
- "de contraseña"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Base DN para búsquedas de reglas sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Período de refresco total automático"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Período de refresco inteligente automático"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr "Si filtrar la reglas por nombre de host, direcciones IP y red"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1514,133 +1523,133 @@ msgstr ""
- "Nombres de host y/o nombres de dominio totalmente cualificado de esta "
- "máquina para filtrar las reglas sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr "Direcciones o red IPv4 o IPv6 de esta máquina para filtrar reglas sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr "Si incluir reglas que contienen netgroup en el atributo de host"
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Si incluir reglas que contengan expresiones regulares en el atributo de host"
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objeto clase para reglas sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Nombre de regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Atributo de regla de comando sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Atributo de la regla host de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Atributo de la regla usuario de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Atributo de la regla opción de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Atributo runas de regla sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Atributo de la regla suda runasuser"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Atributo de regla runasgroup de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Atributo de regla notbefore de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Atributo de regla noafter de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Atributo de regla orden de sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Objeto clase para mapas automontador"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Atributo de nombre de mapa de automontador"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Objeto clase para entradas de mapa de automontador"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Atributo de clave de entrada para mapa de automontador"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Atributo de valor de entrada para mapa de automontador"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Base DN para búsquedas de mapa de automontador"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Lista separada por comas de usuarios autorizados"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Lista separada por comas de usuarios prohibidos"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell predeterminado, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Base de los directorios de inicio"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr "Número de hijos proxy prefabricados"
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Nombre de la biblioteca NSS a usar"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "Si buscar el nombre canónico del grupo desde el cache si es posible"
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Pila PAM a usar"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "Ruta de las fuentes del fichero passwd"
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "Ruta de las fuentes del fichero group"
- 
-@@ -2571,14 +2580,14 @@ msgid "Search by group ID"
- msgstr "Búsqueda por ID de grupo"
- 
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "Incapaz de analizar el nombre %s.\n"
-+msgstr ""
- 
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "El socket SSSD no existe."
-+msgstr ""
- 
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2597,13 +2606,10 @@ msgid "Error while reading configuration directory.\n"
- msgstr ""
- 
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"Fichero %1$s no existe. SSSD usará la configuración predeterminada con "
--"ficheros del suministrador.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
-@@ -2620,9 +2626,9 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "Mensajes generados durante la configuración de la fusión: %zu\n"
- 
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "Configuración usada retazos de ficheros: %u\n"
-+msgstr ""
- 
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2721,9 +2727,8 @@ msgid "Online status: %s\n"
- msgstr "Estado en línea: %s\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "Mostrar información sobre el servidor activo"
-+msgstr ""
- 
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-diff --git a/po/eu.po b/po/eu.po
-index dce3b6ba4..a0d93d3cf 100644
---- a/po/eu.po
-+++ b/po/eu.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:45+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
-@@ -695,7 +695,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -766,737 +766,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "FAST gaitzen du"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Izen osoa"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "shadowLastChange atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "krbLastPwdChange atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "ADren accountExpires atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "ADren userAccountControl atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "nsAccountLock atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Talde-izena"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Taldearen pasahitza"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "GID atributua"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell lehenetsia, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/fr.po b/po/fr.po
-index db16ecd39..c3756af43 100644
---- a/po/fr.po
-+++ b/po/fr.po
-@@ -9,13 +9,14 @@
- # Mariko Vincent <dweu60@gmail.com>, 2012
- # Jérôme Fenal <jfenal@gmail.com>, 2015. #zanata
- # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
-+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata
- msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
--"PO-Revision-Date: 2016-02-24 03:43+0000\n"
--"Last-Translator: Jérôme Fenal <jfenal@gmail.com>\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
-+"PO-Revision-Date: 2020-01-14 01:48+0000\n"
-+"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
- "fr/)\n"
- "Language: fr\n"
-@@ -45,7 +46,7 @@ msgstr "Écrire les messages de débogage dans les journaux"
- 
- #: src/config/SSSDConfig/__init__.py.in:48
- msgid "Watchdog timeout before restarting service"
--msgstr ""
-+msgstr "Délai de surveillance avant le redémarrage du service"
- 
- #: src/config/SSSDConfig/__init__.py.in:49
- msgid "Command to start service"
-@@ -67,11 +68,13 @@ msgstr "durée d'inactivité avant la déconnexion automatique d'un client"
- 
- #: src/config/SSSDConfig/__init__.py.in:53
- msgid "Idle time before automatic shutdown of the responder"
--msgstr ""
-+msgstr "Temps d'inactivité avant l'arrêt automatique du répondeur"
- 
- #: src/config/SSSDConfig/__init__.py.in:54
- msgid "Always query all the caches before querying the Data Providers"
- msgstr ""
-+"Interrogez toujours tous les caches avant d'interroger les fournisseurs de "
-+"données"
- 
- #: src/config/SSSDConfig/__init__.py.in:57
- msgid "SSSD Services to start"
-@@ -113,7 +116,7 @@ msgstr "L'utilisation vers lequel abandonner les privilèges"
- 
- #: src/config/SSSDConfig/__init__.py.in:65
- msgid "Tune certificate verification"
--msgstr ""
-+msgstr "Régler la vérification du certificat"
- 
- #: src/config/SSSDConfig/__init__.py.in:66
- msgid "All spaces in group or user names will be replaced with this character"
-@@ -123,15 +126,15 @@ msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:67
- msgid "Tune sssd to honor or ignore netlink state changes"
--msgstr ""
-+msgstr "Régler sssd pour honorer ou ignorer les changements d'état du netlink"
- 
- #: src/config/SSSDConfig/__init__.py.in:68
- msgid "Enable or disable the implicit files domain"
--msgstr ""
-+msgstr "Activer ou désactiver le domaine des fichiers implicites"
- 
- #: src/config/SSSDConfig/__init__.py.in:69
- msgid "A specific order of the domains to be looked up"
--msgstr ""
-+msgstr "Un ordre spécifique des domaines à rechercher"
- 
- #: src/config/SSSDConfig/__init__.py.in:72
- msgid "Enumeration cache timeout length (seconds)"
-@@ -150,7 +153,7 @@ msgstr "Délai d'attente du cache négatif (en secondes)"
- 
- #: src/config/SSSDConfig/__init__.py.in:75
- msgid "Files negative cache timeout length (seconds)"
--msgstr ""
-+msgstr "Délai d'attente du cache négatif (en secondes)"
- 
- #: src/config/SSSDConfig/__init__.py.in:76
- msgid "Users that SSSD should explicitly ignore"
-@@ -214,7 +217,7 @@ msgstr "Durée de maintien en cache des enregistrements valides"
- 
- #: src/config/SSSDConfig/__init__.py.in:88
- msgid "List of user attributes the NSS responder is allowed to publish"
--msgstr ""
-+msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
- 
- #: src/config/SSSDConfig/__init__.py.in:91
- msgid "How long to allow cached logins between online logins (days)"
-@@ -242,7 +245,7 @@ msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:95
- msgid "Filter PAM responses sent to the pam_sss"
--msgstr ""
-+msgstr "Filtrez les réponses PAM envoyées à l'adresse pam_sss"
- 
- #: src/config/SSSDConfig/__init__.py.in:96
- msgid "How many seconds to keep identity information cached for PAM requests"
-@@ -272,36 +275,40 @@ msgstr "Message affiché lorsque le compte a expiré"
- 
- #: src/config/SSSDConfig/__init__.py.in:101
- msgid "Message printed when user account is locked."
--msgstr ""
-+msgstr "Message affiché lorsque le compte a expiré"
- 
- #: src/config/SSSDConfig/__init__.py.in:102
- msgid "Allow certificate based/Smartcard authentication."
--msgstr ""
-+msgstr "Autoriser l'authentification par certificat/carte à puce."
- 
- #: src/config/SSSDConfig/__init__.py.in:103
- msgid "Path to certificate database with PKCS#11 modules."
- msgstr ""
-+"Chemin d'accès à la base de données des certificats des modules PKCS#11."
- 
- #: src/config/SSSDConfig/__init__.py.in:104
- msgid "How many seconds will pam_sss wait for p11_child to finish"
--msgstr ""
-+msgstr "Combien de secondes pam_sss attendra-t-il la fin de p11_child"
- 
- #: src/config/SSSDConfig/__init__.py.in:105
- msgid "Which PAM services are permitted to contact application domains"
- msgstr ""
-+"Quels services PAM sont autorisés à contacter les domaines d'application"
- 
- #: src/config/SSSDConfig/__init__.py.in:106
- msgid "Allowed services for using smartcards"
--msgstr ""
-+msgstr "Services autorisés pour l'utilisation de cartes à puce"
- 
- #: src/config/SSSDConfig/__init__.py.in:107
- msgid "Additional timeout to wait for a card if requested"
--msgstr ""
-+msgstr "Délai d'attente supplémentaire pour l'obtention d'une carte si demandé"
- 
- #: src/config/SSSDConfig/__init__.py.in:108
- msgid ""
- "PKCS#11 URI to restrict the selection of devices for Smartcard authentication"
- msgstr ""
-+"URI PKCS#11 pour limiter la sélection des périphériques pour "
-+"l'authentification par carte à puce"
- 
- #: src/config/SSSDConfig/__init__.py.in:111
- msgid "Whether to evaluate the time-based attributes in sudo rules"
-@@ -309,13 +316,15 @@ msgstr "Faut-il évaluer les attributs dépendants du temps dans les règles sud
- 
- #: src/config/SSSDConfig/__init__.py.in:112
- msgid "If true, SSSD will switch back to lower-wins ordering logic"
--msgstr ""
-+msgstr "Si sur true, SSSD repasse en logique de commande à faible gain"
- 
- #: src/config/SSSDConfig/__init__.py.in:113
- msgid ""
- "Maximum number of rules that can be refreshed at once. If this is exceeded, "
- "full refresh is performed."
- msgstr ""
-+"Nombre maximum de règles pouvant être rafraîchies en même temps. En cas de "
-+"dépassement, un rafraîchissement complet est effectué."
- 
- #: src/config/SSSDConfig/__init__.py.in:119
- msgid "Whether to hash host names and addresses in the known_hosts file"
-@@ -332,17 +341,19 @@ msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:121
- msgid "Path to storage of trusted CA certificates"
--msgstr ""
-+msgstr "Chemin d'accès au stockage des certificats d'AC de confiance"
- 
- #: src/config/SSSDConfig/__init__.py.in:122
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "Permet de générer des ssh-keys à partir de certificats"
- 
- #: src/config/SSSDConfig/__init__.py.in:123
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
- msgstr ""
-+"Utilisez les règles de correspondance suivantes pour filtrer les certificats "
-+"pour la génération de clés ssh"
- 
- #: src/config/SSSDConfig/__init__.py.in:126
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -351,7 +362,7 @@ msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:127
- msgid "How long the PAC data is considered valid"
--msgstr ""
-+msgstr "Durée de validité des données du PAC"
- 
- #: src/config/SSSDConfig/__init__.py.in:130
- msgid "List of UIDs or user names allowed to access the InfoPipe responder"
-@@ -365,83 +376,94 @@ msgstr "Liste des attributs utilisateur que l'InfoPipe est autorisé à publier"
- 
- #: src/config/SSSDConfig/__init__.py.in:134
- msgid "The provider where the secrets will be stored in"
--msgstr ""
-+msgstr "Le fournisseur où les secrets seront stockés"
- 
- #: src/config/SSSDConfig/__init__.py.in:135
- msgid "The maximum allowed number of nested containers"
--msgstr ""
-+msgstr "Le nombre maximal de conteneurs imbriqués autorisés"
- 
- #: src/config/SSSDConfig/__init__.py.in:136
- msgid "The maximum number of secrets that can be stored"
--msgstr ""
-+msgstr "Le nombre maximum de secrets qui peuvent être stockés"
- 
- #: src/config/SSSDConfig/__init__.py.in:137
- msgid "The maximum number of secrets that can be stored per UID"
--msgstr ""
-+msgstr "Le nombre maximum de secrets qui peuvent être stockés par UID"
- 
- #: src/config/SSSDConfig/__init__.py.in:138
- msgid "The maximum payload size of a secret in kilobytes"
--msgstr ""
-+msgstr "La taille maximale de la charge utile d'un secret en kilo-octets"
- 
- #: src/config/SSSDConfig/__init__.py.in:140
- msgid "The URL Custodia server is listening on"
--msgstr ""
-+msgstr "L'URL du serveur Custodia est en écoute sur"
- 
- #: src/config/SSSDConfig/__init__.py.in:141
- msgid "The method to use when authenticating to a Custodia server"
- msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia"
- 
- #: src/config/SSSDConfig/__init__.py.in:142
- msgid ""
- "The name of the headers that will be added into a HTTP request with the "
- "value defined in auth_header_value"
- msgstr ""
-+"Le nom des en-têtes qui seront ajoutés dans une requête HTTP avec la valeur "
-+"définie dans auth_header_value"
- 
- #: src/config/SSSDConfig/__init__.py.in:143
- msgid "The value sssd-secrets would use for auth_header_name"
--msgstr ""
-+msgstr "La valeur que sssd-secrets utiliseraient pour auth_header_name"
- 
- #: src/config/SSSDConfig/__init__.py.in:144
- msgid ""
- "The list of the headers to forward to the Custodia server together with the "
- "request"
- msgstr ""
-+"La liste des en-têtes à transmettre au serveur Custodia avec la requête"
- 
- #: src/config/SSSDConfig/__init__.py.in:145
- msgid ""
- "The username to use when authenticating to a Custodia server using basic_auth"
- msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia "
-+"utilisant basic_auth"
- 
- #: src/config/SSSDConfig/__init__.py.in:146
- msgid ""
- "The password to use when authenticating to a Custodia server using basic_auth"
- msgstr ""
-+"La méthode à utiliser lors de l'authentification via un serveur Custodia "
-+"utilisant basic_auth"
- 
- #: src/config/SSSDConfig/__init__.py.in:147
- msgid "If true peer's certificate is verified if proxy_url uses https protocol"
- msgstr ""
-+"Le certificat pair true est vérifié si proxy_url utilise le protocole https"
- 
- #: src/config/SSSDConfig/__init__.py.in:148
- msgid ""
- "If false peer's certificate may contain different hostname than proxy_url "
- "when https protocol is used"
- msgstr ""
-+"Le certificat pair false peut contenir un nom d'hôte différent de proxy_url "
-+"lorsque le protocole https est utilisé"
- 
- #: src/config/SSSDConfig/__init__.py.in:149
- msgid "Path to directory where certificate authority certificates are stored"
--msgstr ""
-+msgstr "Chemin d'accès au répertoire où sont stockés les certificats CA"
- 
- #: src/config/SSSDConfig/__init__.py.in:150
- msgid "Path to file containing server's CA certificate"
--msgstr ""
-+msgstr "Chemin d'accès au fichier contenant le certificat CA du serveur"
- 
- #: src/config/SSSDConfig/__init__.py.in:151
- msgid "Path to file containing client's certificate"
--msgstr ""
-+msgstr "Chemin d'accès au fichier contenant le certificat du client"
- 
- #: src/config/SSSDConfig/__init__.py.in:152
- msgid "Path to file containing client's private key"
--msgstr ""
-+msgstr "Chemin d'accès au fichier contenant la clé privée du client"
- 
- #: src/config/SSSDConfig/__init__.py.in:155
- msgid "Identity provider"
-@@ -473,15 +495,15 @@ msgstr "Fournisseur d'identité de l'hôte"
- 
- #: src/config/SSSDConfig/__init__.py.in:162
- msgid "SELinux provider"
--msgstr ""
-+msgstr "Fournisseur SELinux"
- 
- #: src/config/SSSDConfig/__init__.py.in:163
- msgid "Session management provider"
--msgstr ""
-+msgstr "Fournisseur de gestion de session"
- 
- #: src/config/SSSDConfig/__init__.py.in:166
- msgid "Whether the domain is usable by the OS or by applications"
--msgstr ""
-+msgstr "Si le domaine est utilisable par l'OS ou par des applications"
- 
- #: src/config/SSSDConfig/__init__.py.in:167
- msgid "Minimum user ID"
-@@ -533,10 +555,14 @@ msgid ""
- "How long should SSSD talk to single DNS server before trying next server "
- "(miliseconds)"
- msgstr ""
-+"Combien de temps le SSSD doit-il parler à un seul serveur DNS avant "
-+"d'essayer le serveur suivant (en millisecondes)"
- 
- #: src/config/SSSDConfig/__init__.py.in:177
- msgid "How long should keep trying to resolve single DNS query (seconds)"
- msgstr ""
-+"Combien de temps faut-il continuer à essayer de résoudre une seule requête "
-+"DNS (en secondes)"
- 
- #: src/config/SSSDConfig/__init__.py.in:178
- msgid "How long to wait for replies from DNS when resolving servers (seconds)"
-@@ -598,7 +624,7 @@ msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:196
- msgid "Override the DNS server used to perform the DNS update"
--msgstr ""
-+msgstr "Remplace le serveur DNS utilisé pour effectuer la mise à jour du DNS"
- 
- #: src/config/SSSDConfig/__init__.py.in:197
- msgid "Control enumeration of trusted domains"
-@@ -614,15 +640,18 @@ msgstr "Listes des options qui doivent être héritées dans le sous-domaine"
- 
- #: src/config/SSSDConfig/__init__.py.in:200
- msgid "Default subdomain homedir value"
--msgstr ""
-+msgstr "Valeur par défaut du sous-domaine homedir"
- 
- #: src/config/SSSDConfig/__init__.py.in:201
- msgid "How long can cached credentials be used for cached authentication"
- msgstr ""
-+"Combien de temps les informations d'identification en cache peuvent-elles "
-+"être utilisées pour l'authentification en cache"
- 
- #: src/config/SSSDConfig/__init__.py.in:204
- msgid "Whether to automatically create private groups for users"
- msgstr ""
-+"S'il faut créer automatiquement des groupes privés pour les utilisateurs"
- 
- #: src/config/SSSDConfig/__init__.py.in:207
- msgid "IPA domain"
-@@ -716,19 +745,23 @@ msgstr "Classe d'objet surchargeant les groupes"
- 
- #: src/config/SSSDConfig/__init__.py.in:229
- msgid "Search base for Desktop Profile related objects"
--msgstr ""
-+msgstr "Base de recherche pour les objets liés au Profil du Bureau"
- 
- #: src/config/SSSDConfig/__init__.py.in:230
- msgid ""
- "The amount of time in seconds between lookups of the Desktop Profile rules "
- "against the IPA server"
- msgstr ""
-+"Le temps, en secondes, entre les consultations des règles du profil du "
-+"bureau sur le serveur IPA"
- 
- #: src/config/SSSDConfig/__init__.py.in:231
- msgid ""
- "The amount of time in minutes between lookups of Desktop Profiles rules "
- "against the IPA server when the last request did not find any rule"
- msgstr ""
-+"Le temps en minutes entre les consultations des règles de profile de bureau "
-+"sur le serveur IPA lorsque la dernière requête n'a trouvé aucune règle"
- 
- #: src/config/SSSDConfig/__init__.py.in:234
- msgid "Active Directory domain"
-@@ -736,7 +769,7 @@ msgstr "Domaine Active Directory"
- 
- #: src/config/SSSDConfig/__init__.py.in:235
- msgid "Enabled Active Directory domains"
--msgstr ""
-+msgstr "Domaine d’Active Directory activés"
- 
- #: src/config/SSSDConfig/__init__.py.in:236
- msgid "Active Directory server address"
-@@ -751,7 +784,7 @@ msgid "Active Directory client hostname"
- msgstr "Nom de système du client Active Directory"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtre LDAP pour déterminer les autorisations d'accès"
- 
-@@ -835,220 +868,232 @@ msgstr "un site particulier utilisé par le client"
- msgid ""
- "Maximum age in days before the machine account password should be renewed"
- msgstr ""
-+"Âge maximum en jours avant que le mot de passe du compte de la machine ne "
-+"soit renouvelé"
- 
- #: src/config/SSSDConfig/__init__.py.in:254
- msgid "Option for tuning the machine account renewal task"
-+msgstr "Option de réglage de la tâche de renouvellement du compte machine"
-+
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Adresse du serveur Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adresse du serveur Kerberos de secours"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Domaine Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Délai avant expiration de l'authentification"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Choisir de créer ou non les fichiers kdcinfo"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Où déposer les extraits de configuration krb5"
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Répertoire pour stocker les caches de crédits"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Emplacement du cache de crédits de l'utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Emplacement du fichier keytab de validation des crédits"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Activer la validation des crédits"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Stocker le mot de passe, si hors-ligne, pour une authentification ultérieure "
- "en ligne"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Durée de vie renouvelable du TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Durée de vie du TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Durée entre deux vérifications pour le renouvellement"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Active FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Sélectionne le principal à utiliser avec FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Active la canonisation du principal"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Active les principals d'entreprise"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
-+"Un mappage des noms d'utilisateurs vers les noms de principaux Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Serveur où tourne le service de changement de mot de passe s'il n'est pas "
- "sur le KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, l'adresse du serveur LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, l'URI du serveur LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "La base DN par défaut"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Le type de schéma utilisé sur le serveur LDAP, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
--msgstr ""
-+msgstr "Mode utilisé pour modifier le mot de passe utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Le DN de connexion par défaut"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Le type de jeton d'authentification du DN de connexion par défaut"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Le jeton d'authentification du DN de connexion par défaut"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Durée pendant laquelle il sera tenté d'établir la connexion"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Durée pendant laquelle il sera tenté des opérations LDAP synchrones"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Durée d'attente entre deux essais de reconnexion en mode hors-ligne"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "N'utiliser que des majuscules pour les noms de domaine"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Fichier contenant les certificats des CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Chemin vers le répertoire de certificats des CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Fichier contenant le certificat client"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Fichier contenant la clé du client"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Liste des suites de chiffrement possibles"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Requiert une vérification de certificat TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Spécifier le mécanisme SASL à utiliser"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Spécifier l'identité d'authorisation SASL à utiliser"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Spécifier le domaine d'authorisation SASL à utiliser"
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Spécifie le minimum SSF pour l'autorisation sasl LDAP"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Service du fichier keytab de Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Utiliser l'authentification Kerberos pour la connexion LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Suivre les référents LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Durée de vie du TGT pour la connexion LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Comment déréférencer les alias"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Nom du service pour les recherches DNS"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Le nombre d'enregistrements à récupérer dans une requête LDAP unique"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Nombre de membres qui doivent être manquants pour activer un déréférencement "
- "complet"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1056,389 +1101,389 @@ msgstr ""
- "Est-ce que la bibliothèque LDAP doit effectuer une requête pour canoniser le "
- "nom d'hôte pendant une connexion SASL ?"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "attribut entryUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "attribut lastUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Combien de temps conserver la connexion au serveur LDAP avant de se "
- "déconnecter"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Désactiver le contrôle des pages LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Désactiver la récupération de plage Active Directory."
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Durée d'attente pour une requête de recherche"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Durée d'attente pour une requête d'énumération"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Durée entre deux mises à jour d'énumération"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Durée entre les nettoyages de cache"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "TLS est requis pour les recherches d'identifiants"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- "Utilisation de la correspondance d'ID pour les objectSID au lieu d'ID pré-"
- "établis"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Base DN pour les recherches  d'utilisateurs"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Scope des recherches d'utilisateurs"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtre pour les recherches d'utilisateurs"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Classe d'objet pour les utilisateurs"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Attribut de nom d'utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Attribut UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Attribut de GID primaire"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Attribut GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Attribut de répertoire utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Attribut d'interpréteur de commandes"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "attribut UUID"
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "attribut objectSID"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Groupe primaire Active Directory pour la correspondance d'ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Attribut d'utilisateur principal (pour Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nom complet"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Attribut memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Attribut de date de modification"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "Attribut shadowLastChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "Attribut shadowMin"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "Attribut shadowMax"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "Attribut shadowWarning"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "Attribut shadowInactive"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "Attribut shadowExpire"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "Attribut shadowFlag"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Attribut listant les services PAM autorisés"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
--msgstr "Attribut listant les systèmes serveurs autorisés"
-+msgstr "Attribut listant les hôtes de serveurs autorisés"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
--msgstr ""
-+msgstr "Attribut listant les rhosts de serveurs autorisés"
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "Attribut krbLastPwdChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "Attribut krbPasswordExpiration"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "Attribut indiquant que la stratégie de mot de passe du serveur est active"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "Attribut AD accountExpires"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "Attribut AD userAccountControl"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "Attribut nsAccountLock"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "Attribut NDS loginDisabled"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "Attribut NDS loginExpirationTime"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "Attribut NDS loginAllowedTimeMap"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Attribut de clé public SSH"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- "attribut énumérant les types d'authentification autorisés pour un utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "attribut contenant le certificat X509 de l'utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
--msgstr ""
-+msgstr "attribut contenant l’adresse email de l'utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Une liste des attributs supplémentaires à télécharger avec l'entrée de "
- "l'utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "DN de base pour les recherches de groupes"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Classe d'objet pour les groupes"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Nom du groupe"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Mot de passe du groupe"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Attribut GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Attribut membre du groupe"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "attribut de l'UUID du groupe"
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Attribut de date de modification pour les groupes"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Type de groupe et autres indicateurs"
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
--msgstr ""
-+msgstr "L'attribut de membre externe du groupe LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
--msgstr ""
-+msgstr "Le niveau d'imbrication maximal du SSSD suivra"
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "DN de base pour les recherches de netgroup"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Classe d'objet pour les groupes réseau"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nom du groupe réseau"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Attribut des membres des groupes réseau"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Attribut triplet du groupe réseau"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Attribut date de modification pour les groupes réseau"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Nom de domaine (DN) de base pour les recherches de service"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Classe objet pour les services"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Attribut de nom de service"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Attribut de port du service"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Attribut de service du protocole"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Limite inférieure pour la correspondance d'ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Limite supérieure pour la correspondance d'ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Nombre d'ID par tranche pour la correspondance d'ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- "Utilisation d'un algorithme compatible autorid pour la correspondance d'ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Nom du domaine par défaut pour la correspondance d'ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID du domaine par défaut pour la correspondance d'ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
--msgstr ""
-+msgstr "Nombre de tranches secondaires"
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Choisir d'utiliser ou non les groupes de jetons"
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- "Définir la limite inférieure d'identifiants autorisés pour l'annuaire LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- "Définir la limite supérieure d'identifiants autorisés pour l'annuaire LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN pour les requêtes sur ppolicy"
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
--msgstr ""
-+msgstr "Combien d'entrées maximum à récupérer lors d'une demande de wildcard"
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Stratégie d'évaluation de l'expiration du mot de passe"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr "Quels attributs utiliser pour déterminer si un compte a expiré"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Quelles règles utiliser pour évaluer le contrôle d'accès"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "URI d'un serveur LDAP où les changements de mot de passe sont acceptés"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- "URI d'un serveur LDAP de secours où sont autorisées les modifications de mot "
- "de passe"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "Nom du service DNS pour le serveur de changement de mot de passe LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1446,23 +1491,23 @@ msgstr ""
- "Choix de mise à jour de l'attribut ldap_user_shadow_last_change après un "
- "changement de mot de passe"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Nom de domaine (DN) de base pour les recherches de règles sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Périodicité de rafraichissement total"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Périodicité de rafraichissement intelligent"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr "Filter ou non sur les noms de systèmes, adresses IP et réseaux"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1470,139 +1515,140 @@ msgstr ""
- "Noms de systèmes et/ou noms pleinement qualifiés de cette machine pour "
- "filtrer les règles sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "Adresses ou réseaux IPv4 ou IPv6 de cette machine pour filtrer les règles "
- "sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Inclure ou non les règles qui contiennent un netgroup dans l'attribut host"
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Inclure ou non les règles qui contiennent une expression rationnelle dans "
- "l'attribut host"
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Classe objet pour les règles sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
-+"Nom de l'attribut qui est utilisé comme classe d'objet pour les règles sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Règle de nom sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Attribut de commande de règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Attribut hôte de la règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Attribut utilisateur de la règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Attribut option de la règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Attribut de règle sudo runas"
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Attribut runasuser de la règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Attribut runasgroup de la règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Attribut notbefore de la règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Attribut notafter de règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Attribut d'ordre de règle sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Classe objet pour la carte de montage automatique"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Nom de l'attribut de carte de montage automatique"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Classe objet pour l'entrée de référence de montage automatique"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Attribut de clé d'entrée pour la carte de montage automatique"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Attribut de valeur pour la carte de montage automatique"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Base DN pour les requêtes de carte de montage automatique"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Liste, séparée par des virgules, d'utilisateurs autorisés"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Liste, séparée par des virgules, d'utilisateurs interdits"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Interpréteur de commande par défaut : /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Base pour les répertoires utilisateur"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
--msgstr ""
-+msgstr "Le nombre d'enfants proxy pré-fourche."
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Nom de la bibliothèque NSS à utiliser"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "Rechercher le nom canonique du groupe dans le cache si possible"
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Pile PAM à utiliser"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
--msgstr ""
-+msgstr "Chemin des sources des fichiers passwd."
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
--msgstr ""
-+msgstr "Chemin des sources des fichiers de groupe."
- 
- #: src/monitor/monitor.c:2355
- msgid "Become a daemon (default)"
-@@ -1614,7 +1660,7 @@ msgstr "Fonctionner en interactif (non démon)"
- 
- #: src/monitor/monitor.c:2360
- msgid "Disable netlink interface"
--msgstr ""
-+msgstr "Désactiver l'interface netlink"
- 
- #: src/monitor/monitor.c:2362 src/tools/sssctl/sssctl_logs.c:311
- msgid "Specify a non-default config file"
-@@ -1622,11 +1668,11 @@ msgstr "Définir un fichier de configuration différent de celui par défaut"
- 
- #: src/monitor/monitor.c:2364
- msgid "Refresh the configuration database, then exit"
--msgstr ""
-+msgstr "Rafraîchissez la base de données de configuration, puis quittez"
- 
- #: src/monitor/monitor.c:2367
- msgid "Similar to --genconf, but only refreshes the given section"
--msgstr ""
-+msgstr "Semblable à --genconf, mais ne rafraîchit que la section donnée"
- 
- #: src/monitor/monitor.c:2370
- msgid "Print version number and exit"
-@@ -1634,7 +1680,7 @@ msgstr "Afficher le numéro de version et quitte"
- 
- #: src/monitor/monitor.c:2514
- msgid "SSSD is already running\n"
--msgstr ""
-+msgstr "SSSD est déjà en cours d'exécution\n"
- 
- #: src/providers/krb5/krb5_child.c:3233 src/providers/ldap/ldap_child.c:624
- msgid "Debug level"
-@@ -1666,31 +1712,31 @@ msgstr "Le groupe à utiliser pour la création du ccache FAST"
- 
- #: src/providers/krb5/krb5_child.c:3249
- msgid "Kerberos realm to use"
--msgstr ""
-+msgstr "Domaine Kerberos à utiliser"
- 
- #: src/providers/krb5/krb5_child.c:3251
- msgid "Requested lifetime of the ticket"
--msgstr ""
-+msgstr "Demande de renouvellement à vie du billet"
- 
- #: src/providers/krb5/krb5_child.c:3253
- msgid "Requested renewable lifetime of the ticket"
--msgstr ""
-+msgstr "Demande de renouvellement à vie du billet"
- 
- #: src/providers/krb5/krb5_child.c:3255
- msgid "FAST options ('never', 'try', 'demand')"
--msgstr ""
-+msgstr "Options FAST ('never', 'try', 'demand')"
- 
- #: src/providers/krb5/krb5_child.c:3258
- msgid "Specifies the server principal to use for FAST"
--msgstr ""
-+msgstr "Spécifie le principal de serveur afin d'utiliser FAST."
- 
- #: src/providers/krb5/krb5_child.c:3260
- msgid "Requests canonicalization of the principal name"
--msgstr ""
-+msgstr "Demande la canonisation du nom principal"
- 
- #: src/providers/krb5/krb5_child.c:3262
- msgid "Use custom version of krb5_get_init_creds_password"
--msgstr ""
-+msgstr "Utiliser la version personnalisée de krb5_get_init_creds_password"
- 
- #: src/providers/data_provider_be.c:711
- msgid "Domain of the information provider (mandatory)"
-@@ -1716,11 +1762,11 @@ msgstr "SSSD n'est pas démarré par root."
- 
- #: src/sss_client/common.c:1091
- msgid "SSSD socket does not exist."
--msgstr ""
-+msgstr "La socket SSSD n'existe pas."
- 
- #: src/sss_client/common.c:1094
- msgid "Cannot get stat of SSSD socket."
--msgstr ""
-+msgstr "Impossible d'obtenir le stat du socket SSSD."
- 
- #: src/sss_client/common.c:1099
- msgid "An error occurred, but no description can be found."
-@@ -1802,7 +1848,7 @@ msgstr "Premier facteur :"
- 
- #: src/sss_client/pam_sss.c:2172 src/sss_client/pam_sss.c:2343
- msgid "Second Factor (optional): "
--msgstr ""
-+msgstr "Deuxième facteur (facultatif) : "
- 
- #: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
- msgid "Second Factor: "
-@@ -1814,7 +1860,7 @@ msgstr "Mot de passe : "
- 
- #: src/sss_client/pam_sss.c:2342 src/sss_client/pam_sss.c:2345
- msgid "First Factor (Current Password): "
--msgstr ""
-+msgstr "Premier facteur (mot de passe actuel) : "
- 
- #: src/sss_client/pam_sss.c:2349
- msgid "Current Password: "
-@@ -1864,7 +1910,7 @@ msgstr "Le port à utiliser pour se connecter à l'hôte"
- 
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:192
- msgid "Print the host ssh public keys"
--msgstr ""
-+msgstr "Imprimer les clés publiques ssh de l'hôte"
- 
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:234
- msgid "Invalid port\n"
-@@ -1881,7 +1927,7 @@ msgstr "Le chemin vers la commande de proxy doit être absolue\n"
- #: src/sss_client/ssh/sss_ssh_knownhostsproxy.c:324
- #, c-format
- msgid "sss_ssh_knownhostsproxy: Could not resolve hostname %s\n"
--msgstr ""
-+msgstr "sss_ssh_knownhostsproxy : Impossible de résoudre le nom d'hôte %s\n"
- 
- #: src/tools/sss_useradd.c:49 src/tools/sss_usermod.c:48
- msgid "The UID of the user"
-@@ -2342,7 +2388,7 @@ msgstr "Impossible d'invalider %1$s %2$s\n"
- 
- #: src/tools/sss_cache.c:721
- msgid "Invalidate all cached entries"
--msgstr ""
-+msgstr "Invalidez toutes les entrées en cache"
- 
- #: src/tools/sss_cache.c:723
- msgid "Invalidate particular user"
-@@ -2394,11 +2440,11 @@ msgstr "Invalider tous les hôtes SSH"
- 
- #: src/tools/sss_cache.c:752
- msgid "Invalidate particular sudo rule"
--msgstr ""
-+msgstr "Invalider une règle sudo particulière"
- 
- #: src/tools/sss_cache.c:754
- msgid "Invalidate all cached sudo rules"
--msgstr ""
-+msgstr "Invalider toutes les règles sudo en cache"
- 
- #: src/tools/sss_cache.c:757
- msgid "Only invalidate entries from a particular domain"
-@@ -2409,6 +2455,8 @@ msgid ""
- "Unexpected argument(s) provided, options that invalidate a single object "
- "only accept a single provided argument.\n"
- msgstr ""
-+"Argument(s) inattendu(s) fourni(s), les options qui invalident un seul objet "
-+"n'acceptent qu'un seul argument fourni.\n"
- 
- #: src/tools/sss_cache.c:821
- msgid "Please select at least one object to invalidate\n"
-@@ -2445,298 +2493,307 @@ msgstr "%1$s doit être lancé en tant que root\n"
- 
- #: src/tools/sssctl/sssctl.c:35
- msgid "yes"
--msgstr ""
-+msgstr "oui"
- 
- #: src/tools/sssctl/sssctl.c:37
- msgid "no"
--msgstr ""
-+msgstr "non"
- 
- #: src/tools/sssctl/sssctl.c:39
- msgid "error"
--msgstr ""
-+msgstr "erreur"
- 
- #: src/tools/sssctl/sssctl.c:42
- msgid "Invalid result."
--msgstr ""
-+msgstr "Résultat non valide."
- 
- #: src/tools/sssctl/sssctl.c:78
- msgid "Unable to read user input\n"
--msgstr ""
-+msgstr "Impossible de lire l'entrée de l'utilisateur\n"
- 
- #: src/tools/sssctl/sssctl.c:91
- #, c-format
- msgid "Invalid input, please provide either '%s' or '%s'.\n"
--msgstr ""
-+msgstr "Entrée non valable, veuillez fournir %s ou %s\n"
- 
- #: src/tools/sssctl/sssctl.c:109 src/tools/sssctl/sssctl.c:114
- msgid "Error while executing external command\n"
--msgstr ""
-+msgstr "Erreur lors de l'exécution d'une commande externe\n"
- 
- #: src/tools/sssctl/sssctl.c:156
- msgid "SSSD needs to be running. Start SSSD now?"
--msgstr ""
-+msgstr "Le SSSD doit être exécuté. Démarrer le SSSD maintenant ?"
- 
- #: src/tools/sssctl/sssctl.c:195
- msgid "SSSD must not be running. Stop SSSD now?"
- msgstr ""
-+"Le SSSD ne doit pas être en cours d'exécution. Arrêter le SSSD maintenant ?"
- 
- #: src/tools/sssctl/sssctl.c:231
- msgid "SSSD needs to be restarted. Restart SSSD now?"
--msgstr ""
-+msgstr "Le SSSD doit être relancé. Redémarrer SSSD maintenant ?"
- 
- #: src/tools/sssctl/sssctl_cache.c:31
- #, c-format
- msgid " %s is not present in cache.\n"
--msgstr ""
-+msgstr " %s n'est pas présent dans le cache.\n"
- 
- #: src/tools/sssctl/sssctl_cache.c:33
- msgid "Name"
--msgstr ""
-+msgstr "Nom"
- 
- #: src/tools/sssctl/sssctl_cache.c:34
- msgid "Cache entry creation date"
--msgstr ""
-+msgstr "Date de création de l'entrée en cache"
- 
- #: src/tools/sssctl/sssctl_cache.c:35
- msgid "Cache entry last update time"
--msgstr ""
-+msgstr "Heure de la dernière mise à jour de l'entrée du cache"
- 
- #: src/tools/sssctl/sssctl_cache.c:36
- msgid "Cache entry expiration time"
--msgstr ""
-+msgstr "Temps d'expiration de l'entrée du cache"
- 
- #: src/tools/sssctl/sssctl_cache.c:37
- msgid "Cached in InfoPipe"
--msgstr ""
-+msgstr "Mise en cache dans InfoPipe"
- 
- #: src/tools/sssctl/sssctl_cache.c:522
- #, c-format
- msgid "Error: Unable to get object [%d]: %s\n"
--msgstr ""
-+msgstr "Erreur : Impossible d'obtenir l'objet [%d] : %s\n"
- 
- #: src/tools/sssctl/sssctl_cache.c:538
- #, c-format
- msgid "%s: Unable to read value [%d]: %s\n"
--msgstr ""
-+msgstr "%s: Impossible de lire la valeur [%d] : %s\n"
- 
- #: src/tools/sssctl/sssctl_cache.c:566
- msgid "Specify name."
--msgstr ""
-+msgstr "Indiquez le nom."
- 
- #: src/tools/sssctl/sssctl_cache.c:576
- #, c-format
- msgid "Unable to parse name %s.\n"
--msgstr ""
-+msgstr "Impossible d'analyser le nom %s.\n"
- 
- #: src/tools/sssctl/sssctl_cache.c:602 src/tools/sssctl/sssctl_cache.c:649
- msgid "Search by SID"
--msgstr ""
-+msgstr "Recherche par SID"
- 
- #: src/tools/sssctl/sssctl_cache.c:603
- msgid "Search by user ID"
--msgstr ""
-+msgstr "Recherche par ID utilisateur"
- 
- #: src/tools/sssctl/sssctl_cache.c:612
- msgid "Initgroups expiration time"
--msgstr ""
-+msgstr "Délai d'expiration des initgroups"
- 
- #: src/tools/sssctl/sssctl_cache.c:650
- msgid "Search by group ID"
--msgstr ""
-+msgstr "Recherche par ID de groupe"
- 
- #: src/tools/sssctl/sssctl_config.c:70
- #, c-format
- msgid "Failed to open %s\n"
--msgstr ""
-+msgstr "N’a pas pu ouvrir %s\n"
- 
- #: src/tools/sssctl/sssctl_config.c:75
- #, c-format
- msgid "File %1$s does not exist.\n"
--msgstr ""
-+msgstr "Le fichier %1$s n’existe pas.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
- "File ownership and permissions check failed. Expected root:root and 0600.\n"
- msgstr ""
-+"La vérification de la propriété et des permissions des fichiers a échoué. "
-+"Attendue : root:root et 0600.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:85
- #, c-format
- msgid "Failed to load configuration configuration from %s.\n"
--msgstr ""
-+msgstr "Echec du chargement de la configuration à partir de %s.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:91
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "Erreur lors de la lecture du répertoire de configuration.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:99
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
-+"Il n'y a pas de configuration. SSSD utilisera la configuration par défaut "
-+"avec le fournisseur de fichiers.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "Échec de l'exécution des validateurs"
- 
- #: src/tools/sssctl/sssctl_config.c:115
- #, c-format
- msgid "Issues identified by validators: %zu\n"
--msgstr ""
-+msgstr "Problèmes identifiés par les validateurs : %zu\n"
- 
- #: src/tools/sssctl/sssctl_config.c:126
- #, c-format
- msgid "Messages generated during configuration merging: %zu\n"
--msgstr ""
-+msgstr "Messages générés lors de la fusion des configurations : %zu\n"
- 
- #: src/tools/sssctl/sssctl_config.c:137
- #, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr ""
-+msgstr "Fichiers de configuration utilisés : %zu\n"
- 
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
- msgid "Unable to create backup directory [%d]: %s"
--msgstr ""
-+msgstr "Impossible de créer le répertoire de sauvegarde  [%d]: %s"
- 
- #: src/tools/sssctl/sssctl_data.c:95
- msgid "SSSD backup of local data already exists, override?"
--msgstr ""
-+msgstr "La sauvegarde SSSD des données locales existe déjà, la remplacer ?"
- 
- #: src/tools/sssctl/sssctl_data.c:111
- msgid "Unable to export user overrides\n"
--msgstr ""
-+msgstr "Impossible d'exporter les substitutions d'utilisateur\n"
- 
- #: src/tools/sssctl/sssctl_data.c:118
- msgid "Unable to export group overrides\n"
--msgstr ""
-+msgstr "Impossible d'exporter les substitutions de groupes\n"
- 
- #: src/tools/sssctl/sssctl_data.c:134 src/tools/sssctl/sssctl_data.c:217
- msgid "Override existing backup"
--msgstr ""
-+msgstr "Remplacer la sauvegarde existante"
- 
- #: src/tools/sssctl/sssctl_data.c:164
- msgid "Unable to import user overrides\n"
--msgstr ""
-+msgstr "Impossible d'importer les substitutions d'utilisateur\n"
- 
- #: src/tools/sssctl/sssctl_data.c:173
- msgid "Unable to import group overrides\n"
--msgstr ""
-+msgstr "Impossible d'importer les substitutions de groupes\n"
- 
- #: src/tools/sssctl/sssctl_data.c:194 src/tools/sssctl/sssctl_domains.c:82
- #: src/tools/sssctl/sssctl_domains.c:328
- msgid "Start SSSD if it is not running"
--msgstr ""
-+msgstr "Démarrer SSSD s'il n'est pas en cours d'exécution"
- 
- #: src/tools/sssctl/sssctl_data.c:195
- msgid "Restart SSSD after data import"
--msgstr ""
-+msgstr "Redémarrer SSSD après l'importation des données"
- 
- #: src/tools/sssctl/sssctl_data.c:218
- msgid "Create clean cache files and import local data"
--msgstr ""
-+msgstr "Créer des fichiers de cache propres et importer des données locales"
- 
- #: src/tools/sssctl/sssctl_data.c:219
- msgid "Stop SSSD before removing the cache"
--msgstr ""
-+msgstr "Arrêtez SSSD avant de supprimer le cache"
- 
- #: src/tools/sssctl/sssctl_data.c:220
- msgid "Start SSSD when the cache is removed"
--msgstr ""
-+msgstr "Démarrer SSSD lorsque le cache est supprimé"
- 
- #: src/tools/sssctl/sssctl_data.c:235
- msgid "Creating backup of local data...\n"
--msgstr ""
-+msgstr "Création d'une sauvegarde des données locales...\n"
- 
- #: src/tools/sssctl/sssctl_data.c:238
- msgid "Unable to create backup of local data, can not remove the cache.\n"
- msgstr ""
-+"Impossible de créer une sauvegarde des données locales, impossible de "
-+"supprimer le cache.\n"
- 
- #: src/tools/sssctl/sssctl_data.c:243
- msgid "Removing cache files...\n"
--msgstr ""
-+msgstr "Suppression des fichiers de cache...\n"
- 
- #: src/tools/sssctl/sssctl_data.c:246
- msgid "Unable to remove cache files\n"
--msgstr ""
-+msgstr "Impossible de supprimer les fichiers de cache\n"
- 
- #: src/tools/sssctl/sssctl_data.c:251
- msgid "Restoring local data...\n"
--msgstr ""
-+msgstr "Restauration des données locales...\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:83
- msgid "Show domain list including primary or trusted domain type"
- msgstr ""
-+"Afficher la liste des domaines, y compris le type de domaine principal ou de "
-+"confiance"
- 
- #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
- #: src/tools/sssctl/sssctl_user_checks.c:95
- msgid "Unable to connect to system bus!\n"
--msgstr ""
-+msgstr "Impossible de se connecter au bus système !\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Online"
--msgstr ""
-+msgstr "En ligne"
- 
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Offline"
--msgstr ""
-+msgstr "Hors ligne"
- 
- #: src/tools/sssctl/sssctl_domains.c:167
- #, c-format
- msgid "Online status: %s\n"
--msgstr ""
-+msgstr "Statut en ligne : %s\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:213
- msgid "This domain has no active servers.\n"
--msgstr ""
-+msgstr "Ce domaine n'a pas de serveurs actifs.\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
--msgstr ""
-+msgstr "Serveurs actifs :\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:230
- msgid "not connected"
--msgstr ""
-+msgstr "non connecté"
- 
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "Aucun serveur découvert.\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
- msgid "Discovered %s servers:\n"
--msgstr ""
-+msgstr "%s serveurs découverts :\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:285
- msgid "None so far.\n"
--msgstr ""
-+msgstr "Aucun pour l'instant.\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:325
- msgid "Show online status"
--msgstr ""
-+msgstr "Afficher le statut en ligne"
- 
- #: src/tools/sssctl/sssctl_domains.c:326
- msgid "Show information about active server"
--msgstr ""
-+msgstr "Afficher les informations sur le serveur actif"
- 
- #: src/tools/sssctl/sssctl_domains.c:327
- msgid "Show list of discovered servers"
--msgstr ""
-+msgstr "Afficher la liste des serveurs découverts"
- 
- #: src/tools/sssctl/sssctl_domains.c:333
- msgid "Specify domain name."
--msgstr ""
-+msgstr "Indiquer le nom de domaine."
- 
- #: src/tools/sssctl/sssctl_domains.c:355
- msgid "Out of memory!\n"
--msgstr ""
-+msgstr "Plus de mémoire disponible !\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
- msgid "Unable to get online status\n"
--msgstr ""
-+msgstr "Impossible d'obtenir le statut en ligne\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:395
- msgid "Unable to get server list\n"
--msgstr ""
-+msgstr "Impossible d'obtenir la liste des serveurs\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:47
- msgid "\n"
-@@ -2744,92 +2801,92 @@ msgstr "\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:237
- msgid "Delete log files instead of truncating"
--msgstr ""
-+msgstr "Supprimer les fichiers de log au lieu de tronquer"
- 
- #: src/tools/sssctl/sssctl_logs.c:248
- msgid "Deleting log files...\n"
--msgstr ""
-+msgstr "Suppression des fichiers journaux...\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:251
- msgid "Unable to remove log files\n"
--msgstr ""
-+msgstr "Impossible de supprimer les fichiers journaux\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:257
- msgid "Truncating log files...\n"
--msgstr ""
-+msgstr "Troncature des fichiers de journalisation...\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:260
- msgid "Unable to truncate log files\n"
--msgstr ""
-+msgstr "Impossible de tronquer les fichiers de journalisation\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:286
- msgid "Out of memory!"
--msgstr ""
-+msgstr "Plus de mémoire disponible !"
- 
- #: src/tools/sssctl/sssctl_logs.c:289
- #, c-format
- msgid "Archiving log files into %s...\n"
--msgstr ""
-+msgstr "Archivage des fichiers journaux dans %s...\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:292
- msgid "Unable to archive log files\n"
--msgstr ""
-+msgstr "Impossible d'archiver les fichiers journaux\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:317
- msgid "Specify debug level you want to set"
--msgstr ""
-+msgstr "Spécifiez le niveau de débogage que vous souhaitez définir"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:117
- msgid "SSSD InfoPipe user lookup result:\n"
--msgstr ""
-+msgstr "Résultat de la recherche de l'utilisateur SSSD InfoPipe :\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:167
- #, c-format
- msgid "dlopen failed with [%s].\n"
--msgstr ""
-+msgstr "dlopen a échoué avec [%s].\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:174
- #, c-format
- msgid "dlsym failed with [%s].\n"
--msgstr ""
-+msgstr "dlopen a échoué avec [%s].\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:182
- msgid "malloc failed.\n"
--msgstr ""
-+msgstr "malloc a échoué.\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:189
- #, c-format
- msgid "sss_getpwnam_r failed with [%d].\n"
--msgstr ""
-+msgstr "sss_getpwnam_r a échoué avec [%d].\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:194
- msgid "SSSD nss user lookup result:\n"
--msgstr ""
-+msgstr "Résultat de la recherche de l'utilisateur SSSD nss :\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:195
- #, c-format
- msgid " - user name: %s\n"
--msgstr ""
-+msgstr " - user name: %s\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:196
- #, c-format
- msgid " - user id: %d\n"
--msgstr ""
-+msgstr " - user id: %d\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:197
- #, c-format
- msgid " - group id: %d\n"
--msgstr ""
-+msgstr " - group id: %d\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:198
- #, c-format
- msgid " - gecos: %s\n"
--msgstr ""
-+msgstr " - gecos: %s\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:199
- #, c-format
- msgid " - home directory: %s\n"
--msgstr ""
-+msgstr " - home directory: %s\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:200
- #, c-format
-@@ -2837,18 +2894,20 @@ msgid ""
- " - shell: %s\n"
- "\n"
- msgstr ""
-+" - shell: %s\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:232
- msgid "PAM action [auth|acct|setc|chau|open|clos], default: "
--msgstr ""
-+msgstr "Action PAM [auth|acct|setc|chau|open|clos], par défaut : "
- 
- #: src/tools/sssctl/sssctl_user_checks.c:235
- msgid "PAM service, default: "
--msgstr ""
-+msgstr "Service PAM, par défaut : "
- 
- #: src/tools/sssctl/sssctl_user_checks.c:240
- msgid "Specify user name."
--msgstr ""
-+msgstr "Spécifiez le nom d'utilisateur."
- 
- #: src/tools/sssctl/sssctl_user_checks.c:247
- #, c-format
-@@ -2858,45 +2917,53 @@ msgid ""
- "service: %s\n"
- "\n"
- msgstr ""
-+"utilisateur: %s\n"
-+"action: %s\n"
-+"service: %s\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:252
- #, c-format
- msgid "User name lookup with [%s] failed.\n"
--msgstr ""
-+msgstr "La recherche de nom d'utilisateur avec [%s] a échoué.\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:257
- #, c-format
- msgid "InfoPipe User lookup with [%s] failed.\n"
--msgstr ""
-+msgstr "La recherche de l'utilisateur InfoPipe avec [%s] a échoué.\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:263
- #, c-format
- msgid "pam_start failed: %s\n"
--msgstr ""
-+msgstr "pam_start a échoué : %s\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:268
- msgid ""
- "testing pam_authenticate\n"
- "\n"
- msgstr ""
-+"test de pam_authenticate\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:272
- #, c-format
- msgid "pam_get_item failed: %s\n"
--msgstr ""
-+msgstr "pam_get_item a échoué : %s\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:275
- #, c-format
- msgid ""
- "pam_authenticate for user [%s]: %s\n"
- "\n"
--msgstr ""
-+msgstr "pam_authenticate pour l'utilisateur [%s] : %s\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:278
- msgid ""
- "testing pam_chauthtok\n"
- "\n"
- msgstr ""
-+"test pam_chauthtok\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:280
- #, c-format
-@@ -2904,12 +2971,16 @@ msgid ""
- "pam_chauthtok: %s\n"
- "\n"
- msgstr ""
-+"pam_chauthtok: %s\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:282
- msgid ""
- "testing pam_acct_mgmt\n"
- "\n"
- msgstr ""
-+"test de pam_acct_mgmt\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:284
- #, c-format
-@@ -2917,12 +2988,16 @@ msgid ""
- "pam_acct_mgmt: %s\n"
- "\n"
- msgstr ""
-+"pam_acct_mgmt: %s\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:286
- msgid ""
- "testing pam_setcred\n"
- "\n"
- msgstr ""
-+"test de pam_setcred\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:288
- #, c-format
-@@ -2930,12 +3005,16 @@ msgid ""
- "pam_setcred: [%s]\n"
- "\n"
- msgstr ""
-+"pam_setcred: [%s]\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:290
- msgid ""
- "testing pam_open_session\n"
- "\n"
- msgstr ""
-+"test pam_open_session\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:292
- #, c-format
-@@ -2943,12 +3022,16 @@ msgid ""
- "pam_open_session: %s\n"
- "\n"
- msgstr ""
-+"pam_open_session: %s\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:294
- msgid ""
- "testing pam_close_session\n"
- "\n"
- msgstr ""
-+"test pam_close_session\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:296
- #, c-format
-@@ -2956,18 +3039,20 @@ msgid ""
- "pam_close_session: %s\n"
- "\n"
- msgstr ""
-+"pam_close_session: %s\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:298
- msgid "unknown action\n"
--msgstr ""
-+msgstr "action inconnue\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:301
- msgid "PAM Environment:\n"
--msgstr ""
-+msgstr "Environnement PAM :\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:309
- msgid " - no env -\n"
--msgstr ""
-+msgstr " - no env -\n"
- 
- #: src/util/util.h:82
- msgid "The user ID to run the server as"
-@@ -2979,8 +3064,8 @@ msgstr "L'identifiant de groupe sous lequel faire tourner le serveur"
- 
- #: src/util/util.h:92
- msgid "Informs that the responder has been socket-activated"
--msgstr ""
-+msgstr "Informe que le répondeur a été activé par un socket"
- 
- #: src/util/util.h:94
- msgid "Informs that the responder has been dbus-activated"
--msgstr ""
-+msgstr "Informe que le répondeur a été activé par un dbus"
-diff --git a/po/hu.po b/po/hu.po
-index d49e39451..820671425 100644
---- a/po/hu.po
-+++ b/po/hu.po
-@@ -10,7 +10,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:45+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Hungarian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -697,7 +697,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -768,737 +768,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos-kiszolgáló címe"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos-tartomány"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Időtúllépés azonosításkor"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, az LDAP szerver URI-ja"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Alapértelmezett LDAP alap-DN-je"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Az LDAP szerveren használt séma-típus, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Az alapértelmezett bind DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "A kapcsolódási próbálkozás időtartama"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "A CA tanusítványokat tartalmazó fájl"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "TLS tanusítvány ellenőrzése"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "TLS megkövetelése ID keresésekor"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS attribútum"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Shell attribútum"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Teljes név"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "memberOf attribútum"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Csoport neve"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Csoport jelszava"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Alapértelmezett shell, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/id.po b/po/id.po
-index 3ffde26aa..cce27c3b3 100644
---- a/po/id.po
-+++ b/po/id.po
-@@ -7,7 +7,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:46+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Indonesian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -694,7 +694,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -765,737 +765,746 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Alamat server Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Realm Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, URI server LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Jenis Skema yang digunakan pada server LDAP, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Lamanya waktu untuk mencoba koneksi"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Lamanya waktu untuk mencoba operasi LDAP yang sinkron"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Lamanya waktu antara upaya untuk menyambung kembali saat luring"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Membutuhkan verifikasi sertifikat TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Tentukan mekanisme sasl yang digunakan"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Tentukan id otorisasi sasl yang digunakan"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Tentukan id otorisasi sasl yang digunakan"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Keytab layanan Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Gunakan otentikasi Kerberos untuk koneksi LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Lingkup pencarian pengguna"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filter pencarian pengguna"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass untuk pengguna"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Atribut Nama pengguna"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Atribut UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Atribut GID Primer"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Atribut GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Atribut direktori Home"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Atribut Shell"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Atribut utama pengguna (untuk Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nama Lengkap"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Atribut memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Atribut waktu modifikasi"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Daftar pengguna yang diijinkan dalam format yang dipisahkan koma"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Daftar pengguna yang tidak diijinkan dalam format yang dipisahkan koma"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell default, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/it.po b/po/it.po
-index d01ff1b41..6de4012ac 100644
---- a/po/it.po
-+++ b/po/it.po
-@@ -9,7 +9,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2019-03-06 08:57+0000\n"
- "Last-Translator: Milo Casagrande <milo@milo.name>\n"
- "Language-Team: Italian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -709,7 +709,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtro LDAP per determinare i privilegi di accesso"
- 
-@@ -780,738 +780,747 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Indirizzo del server Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Realm Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Timeout di autenticazione"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Directory in cui salvare le credenziali"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Percorso della cache delle credenziali utente"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Percorso del keytab per la validazione delle credenziali"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Abilita la validazione delle credenziali"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Intervallo di tempo tra due controlli di rinnovo"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Abilita FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Server dove viene eseguito il servizio di cambio password, se non nel KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, l'indirizzo del server LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Il base DN predefinito"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Lo Schema Type utilizzato dal server LDAP, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Il bind DN predefinito"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Il tipo di token di autenticazione del bind DN predefinito"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Il token di autenticazione del bind DN predefinito"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Durata del tentativo di connessione"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Durata del tentativo di esecuzione di operazioni LDAP sincrone"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Durata tra tentativi di riconnessione quando offline"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Usare solo maiuscole per i nomi dei realm"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "File contenente i certificati CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Percorso della directory dei cerficati della CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "File contenente il certificato client"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "File contenente la chiave client"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lista delle possibili cipher suite"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Richiedere la verifica del certificato TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Specificare il meccanismo sasl da usare"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Specificare l'id di autorizzazione sasl da usare"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Specificare l'id di autorizzazione sasl da usare"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Keytab del servizio Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Usare autorizzazione Kerberos per la connessione LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Seguire i referral LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Metodo di deferenziazione degli alias"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Durata attesa per le richieste di ricerca"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Durata tra gli aggiornamenti alle enumeration"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Intervallo di tempo per la pulizia cache"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Richiedere TLS per gli ID lookup"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Base DN per i lookup utente"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Ambito di applicazione dei lookup utente"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtro per i lookup utente"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass per gli utenti"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Attributo del nome utente"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Attributo UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Attributo del GID primario"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Attributo GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Attributo della home directory"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Attributo della shell"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Attributo user principal (per Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nome completo"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Attributo memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Attributo data di modifica"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Politica per controllare la scadenza della password"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Lista separata da virgola degli utenti abilitati"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Lista separata da virgola degli utenti non abilitati"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell predefinita, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Base delle home directory"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Il nome della libreria NSS da usare"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Stack PAM da usare"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/ja.po b/po/ja.po
-index 9056f7385..856cce635 100644
---- a/po/ja.po
-+++ b/po/ja.po
-@@ -6,13 +6,14 @@
- # Tomoyuki KATO <tomo@dream.daynight.jp>, 2012-2013
- # Noriko Mizumoto <noriko.mizumoto@gmail.com>, 2016. #zanata
- # Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata
-+# Ludek Janda <ljanda@redhat.com>, 2020. #zanata
- msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
--"PO-Revision-Date: 2019-10-07 11:46+0000\n"
--"Last-Translator: Keiko Moriguchi <kemorigu@redhat.com>\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
-+"PO-Revision-Date: 2020-01-14 01:48+0000\n"
-+"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
- "ja/)\n"
- "Language: ja\n"
-@@ -96,7 +97,7 @@ msgid ""
- "files."
- msgstr ""
- "SSSD が Kerberos リプレイキャッシュファイルを保存するファイルシステムのディレ"
--"クトリです。"
-+"クトリーです。"
- 
- #: src/config/SSSDConfig/__init__.py.in:63
- msgid "Domain to add to names without a domain component."
-@@ -168,12 +169,12 @@ msgstr "識別プロバイダーからのホームディレクトリーの値を
- msgid ""
- "Substitute empty homedir value from the identity provider with this value"
- msgstr ""
--"アイデンティティプロバイダーからの空のホームディレクトリーをこの値で置き換え"
--"ます"
-+"アイデンティティープロバイダーからの空のホームディレクトリーをこの値で置き換"
-+"えます"
- 
- #: src/config/SSSDConfig/__init__.py.in:82
- msgid "Override shell value from the identity provider with this value"
--msgstr "アイデンティティプロバイダーからのシェル値をこの値で上書きします"
-+msgstr "アイデンティティープロバイダーからのシェル値をこの値で上書きします"
- 
- #: src/config/SSSDConfig/__init__.py.in:83
- msgid "The list of shells users are allowed to log in with"
-@@ -210,7 +211,7 @@ msgstr "オンラインログイン中にキャッシュによるログインが
- 
- #: src/config/SSSDConfig/__init__.py.in:92
- msgid "How many failed logins attempts are allowed when offline"
--msgstr "オフラインのときに許容されるログイン試行失敗回数"
-+msgstr "オフラインの時に許容されるログイン試行失敗回数"
- 
- #: src/config/SSSDConfig/__init__.py.in:93
- msgid ""
-@@ -311,13 +312,14 @@ msgstr "信頼された CA 証明書のストレージへのパス"
- 
- #: src/config/SSSDConfig/__init__.py.in:122
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "証明書からの ssh-key の生成を許可します"
- 
- #: src/config/SSSDConfig/__init__.py.in:123
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
- msgstr ""
-+"以下の一致するルールを使用して、ssh-key 生成用の証明書をフィルタリングします"
- 
- #: src/config/SSSDConfig/__init__.py.in:126
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -419,11 +421,11 @@ msgstr "クライアントの証明書を含むファイルへのパス"
- 
- #: src/config/SSSDConfig/__init__.py.in:152
- msgid "Path to file containing client's private key"
--msgstr "クライアントのプライベートキーを含むファイルへのパス"
-+msgstr "クライアントの秘密鍵を含むファイルへのパス"
- 
- #: src/config/SSSDConfig/__init__.py.in:155
- msgid "Identity provider"
--msgstr "アイデンティティプロバイダー"
-+msgstr "アイデンティティープロバイダー"
- 
- #: src/config/SSSDConfig/__init__.py.in:156
- msgid "Authentication provider"
-@@ -475,7 +477,7 @@ msgstr "すべてのユーザー・グループの列挙を有効にする"
- 
- #: src/config/SSSDConfig/__init__.py.in:170
- msgid "Cache credentials for offline login"
--msgstr "オフラインログインのためにクレディンシャルをキャッシュする"
-+msgstr "オフラインログインのためにクレデンシャルをキャッシュする"
- 
- #: src/config/SSSDConfig/__init__.py.in:171
- msgid "Display users/groups in fully-qualified form"
-@@ -498,7 +500,7 @@ msgstr "エントリーキャッシュのタイムアウト長(秒)"
- #: src/config/SSSDConfig/__init__.py.in:174
- msgid ""
- "Restrict or prefer a specific address family when performing DNS lookups"
--msgstr "DNS 検索を実行するときに特定のアドレスファミリーを制限または優先します"
-+msgstr "DNS 検索を実行する時に特定のアドレスファミリーを制限または優先します"
- 
- #: src/config/SSSDConfig/__init__.py.in:175
- msgid "How long to keep cached entries after last successful login (days)"
-@@ -518,7 +520,7 @@ msgstr "単一の DNS クエリーの解決を試行する時間 (秒)"
- 
- #: src/config/SSSDConfig/__init__.py.in:178
- msgid "How long to wait for replies from DNS when resolving servers (seconds)"
--msgstr "サーバーを名前解決するときに DNS から応答を待つ時間(秒)"
-+msgstr "サーバーを名前解決する時に DNS から応答を待つ時間(秒)"
- 
- #: src/config/SSSDConfig/__init__.py.in:179
- msgid "The domain part of service discovery DNS query"
-@@ -561,7 +563,7 @@ msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:194
- msgid "Whether the nsupdate utility should default to using TCP"
--msgstr "nsupdate ユーティリティが標準で TCP を使用するかどうか"
-+msgstr "nsupdate ユーティリティーが標準で TCP を使用するかどうか"
- 
- #: src/config/SSSDConfig/__init__.py.in:195
- msgid "What kind of authentication should be used to perform the DNS update"
-@@ -632,7 +634,7 @@ msgstr "IPA サーバーに対する SELinux マップの検索の間の秒単
- 
- #: src/config/SSSDConfig/__init__.py.in:217
- msgid "If set to false, host argument given by PAM will be ignored"
--msgstr "もし偽に設定されていると、 PAM により渡されたホスト引数は無視されます"
-+msgstr "もし偽に設定されていると、PAM により渡されたホスト引数は無視されます"
- 
- #: src/config/SSSDConfig/__init__.py.in:218
- msgid "The automounter location this IPA client is using"
-@@ -649,7 +651,7 @@ msgstr "ID 範囲に関する情報を含むオブジェクトに対する検索
- #: src/config/SSSDConfig/__init__.py.in:221
- #: src/config/SSSDConfig/__init__.py.in:239
- msgid "Enable DNS sites - location based service discovery"
--msgstr "DNS サイトの有効化 - 位置にサービス探索"
-+msgstr "DNS サイトの有効化 - 位置ベースのサービス検索"
- 
- #: src/config/SSSDConfig/__init__.py.in:222
- msgid "Search base for view containers"
-@@ -720,7 +722,7 @@ msgid "Active Directory client hostname"
- msgstr "Active Directory クライアントホスト名"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "アクセス権限を決めるための LDAP フィルター"
- 
-@@ -798,209 +800,218 @@ msgstr "マシンアカウントのパスワードの更新が必要となるま
- msgid "Option for tuning the machine account renewal task"
- msgstr "マシンアカウントの更新タスクをチューニングするオプション"
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos サーバーのアドレス"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Kerberos バックアップサーバーのアドレス"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos レルム"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "認証のタイムアウト"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "kdcinfo ファイルを作成するかどうか"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "krb5 設定スニペットを削除する場所"
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
--msgstr "クレディンシャルのキャッシュを保存するディレクトリー"
-+msgstr "クレデンシャルのキャッシュを保存するディレクトリー"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
--msgstr "ユーザーのクレディンシャルキャッシュの位置"
-+msgstr "ユーザーのクレデンシャルキャッシュの位置"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
--msgstr "クレディンシャルを検証するキーテーブルの場所"
-+msgstr "クレデンシャルを検証するキーテーブルの場所"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
--msgstr "クレディンシャルの検証を有効にする"
-+msgstr "クレデンシャルの検証を有効にする"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "後からオンライン認証するためにオフラインの場合にパスワードを保存します"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "更新可能な TGT の有効期間"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "TGT の有効期間"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "更新を確認する間隔"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "FAST を有効にする"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "FAST に使用するプリンシパルを選択する"
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "プリンシパル正規化を有効にする"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "エンタープライズ・プリンシパルの有効化"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr "ユーザー名から Kerberos プリンシパル名までのマッピング"
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr "KDC になければ、パスワード変更サービスが実行されているサーバー"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, LDAP サーバーの URI"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, LDAP サーバーの URI"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "デフォルトのベース DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "LDAP サーバーにおいて使用中のスキーマ形式、rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "ユーザーのパスワードの変更にモードを使用しました"
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "デフォルトのバインド DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "デフォルトのバインド DN の認証トークンの種類"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "デフォルトのバインド DN の認証トークン"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "接続を試行する時間"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "LDAP 同期操作を試行する時間"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "オフラインの間に再接続を試行する時間"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "レルム名に対して大文字のみを使用する"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "CA 証明書を含むファイル"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "CA 証明書のディレクトリーのパス"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "クライアント証明書を含むファイル"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "クライアントの鍵を含むファイル"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "利用可能な暗号の一覧"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "TLS 証明書の検証を要求する"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "使用する SASL メカニズムを指定する"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "使用する SASL 認可 ID を指定する"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "使用する SASL 認可レルムを指定する"
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "LDAP SASL 認可の最小 SSF を指定する"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "LDAP SASL 認可の最小 SSF を指定する"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Kerberos サービスのキーテーブル"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "LDAP 接続に対して Kerberos 認証を使用する"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "LDAP リフェラルにしたがう"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "LDAP 接続の TGT の有効期間"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "エイリアスを参照解決する方法"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "DNS サービス検索のサービス名"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
--msgstr "単一の LDAP 問い合わせにおいて取得するレコード数"
-+msgstr "単一の LDAP クエリーにおいて取得するレコード数"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr "完全な参照解決を引き起こすために欠けている必要があるメンバーの数"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1008,400 +1019,400 @@ msgstr ""
- "LDAP ライブラリーが SASL バインド中にホスト名を正規化するために逆引きを実行す"
- "るかどうか"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr "LDAP サーバーを切断する前に接続を保持する時間"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "LDAP ページング制御を無効化する"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Active Directory 範囲の取得の無効化"
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "検索要求を待つ時間"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "列挙の要求を待つ時間"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "列挙の更新間隔"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "キャッシュをクリーンアップする間隔"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "ID 検索に TLS を要求する"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "事前設定済み ID の代わりに objectSID の ID マッピングを使用します"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "ユーザー検索のベース DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "ユーザー検索の範囲"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "ユーザー検索のフィルター"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "ユーザーのオブジェクトクラス"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "ユーザー名の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "プライマリー GID の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
--msgstr "ホームディレクトリの属性"
-+msgstr "ホームディレクトリーの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "シェルの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "UUID 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "ID マッピングの Active Directory プライマリーグループ属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "ユーザープリンシパルの属性(Kerberos 用)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "氏名"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "memberOf 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "変更日時の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "shadowLastChange 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "認可された PAM サービスを一覧化する属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "認可されたサーバーホストを一覧化する属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "認可されたサーバー rhosts を一覧化する属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "krbLastPwdChange 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr "サーバー側パスワードポリシーが有効であることを意味する属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "AD の accountExpires 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "AD の userAccountControl 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "nsAccountLock 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "NDS の loginDisabled 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "NDS の loginExpirationTime 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "NDS の loginAllowedTimeMap 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "SSH 公開鍵の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr "ユーザー用に許可された認証タイプを一覧化する属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "ユーザーの X509 証明書を含む属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "ユーザーの電子メールアドレスを含む属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr "ユーザーエントリーと共にダウンロードする追加的な属性の一覧"
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "グループ検索のベース DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "グループのオブジェクトクラス"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "グループ名"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "グループのパスワード"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "GID 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "グループメンバー属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "グループ UUID 属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "グループの変更日時の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "グループおよび他のフラグのタイプ"
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "LDAP グループの外部メンバーの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "SSSD が従う最大ネストレベル"
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "ネットグループ検索のベース DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "ネットグループのオブジェクトクラス"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "ネットグループ名"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "ネットグループメンバーの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "ネットグループの三つ組の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "ネットグループの変更日時の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "サービス検索のベース DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "サービスのオブジェクトクラス"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "サービス名の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "サービスポートの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "サービスプロトコルの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "ID マッピングの下限"
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "ID マッピングの上限"
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "ID マッピングするとき、各スライスに対する ID の数"
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "ID マッピングに対する autorid 互換アルゴリズムを使用します"
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "ID マッピングに対するデフォルトドメインの名前"
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "ID マッピングに対するデフォルトドメインの SID"
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "セカンダリースライスの数"
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Token-Group を使うかどうか"
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "LDAP サーバーから許可される ID の下限の設定"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "LDAP サーバーから許可される ID の上限の設定"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "ppolicy クエリーの DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr "ワイルドカードの要求の間に取得する最大エントリーの数"
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "パスワード失効の評価のポリシー"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr "どの属性がアカウントが失効しているかを評価するために使用されるか"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "どのルールがアクセス制御を評価するために使用されるか"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "パスワードの変更が許可される LDAP サーバーの URI"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "パスワードの変更が許可されるバックアップ LDAP サーバーの URI"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "LDAP パスワードの変更サーバーの DNS サービス名"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr "パスワード変更後 ldap_user_shadow_last_change 属性を更新するかどうか"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "sudo ルール検索のベース DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "自動的な完全更新間隔"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "自動的なスマート更新間隔"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "ホスト名、IP アドレスおよびネットワークによるフィルタールールを使用するかどう"
- "か"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1409,134 +1420,134 @@ msgstr ""
- "sudo ルールをフィルターするこのマシンのホスト名および/または完全修飾ドメイン"
- "名"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "sudo ルールをフィルターするこのマシンの IPv4 または IPv6 アドレスまたはネット"
- "ワーク"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr "ホスト属性にネットワークグループを含むルールを含めるかどうか"
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr "ホスト属性に正規表現を含むルールを含めるかどうか"
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "sudo ルールのオブジェクトクラス"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
--msgstr ""
-+msgstr "sudo ルールのオブジェクトクラスとして使用される属性の名前"
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "sudo ルール名"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "sudo ルールのコマンドの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "sudo ルールのホストの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "sudo ルールのユーザーの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "sudo ルールのオプションの属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "sudo ルールの runas の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "sudo ルールの runasuser の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "sudo ルールの runasgroup の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "sudo ルールの notbefore の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "sudo ルールの notafter の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "sudo ルールの order の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "automounter マップのオブジェクトクラス"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "オートマウントのマップ名の属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "automounter マップエントリーのオブジェクトクラス"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
--msgstr "automounter マップエントリーのキー属性"
-+msgstr "automounter マップエントリーの鍵属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "automounter マップエントリーの値属性"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "automonter のマップ検索のベース DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "許可ユーザーのカンマ区切り一覧"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "禁止ユーザーのカンマ区切り一覧"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "デフォルトのシェル, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "ホームディレクトリーのベース"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
--msgstr "事前にフォークされた子プロキシの数"
-+msgstr "事前にフォークされた子プロキシーの数。"
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "使用する NSS ライブラリーの名前"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "可能ならばキャッシュから正規化されたグループ名を検索するかどうか"
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "使用する PAM スタック"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "passwd ファイルソースへのパス"
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "グループファイルソースへのパス"
- 
-@@ -1642,7 +1653,7 @@ msgstr "公開ソケットの所有者またはパーミッションが誤って
- 
- #: src/sss_client/common.c:1085
- msgid "Unexpected format of the server credential message."
--msgstr "サーバーのクレディンシャルメッセージの予期しない形式です。"
-+msgstr "サーバーのクレデンシャルメッセージの予期しない形式です。"
- 
- #: src/sss_client/common.c:1088
- msgid "SSSD is not run by root."
-@@ -1683,7 +1694,7 @@ msgstr "root によるパスワードのリセットはサポートされませ
- 
- #: src/sss_client/pam_sss.c:526
- msgid "Authenticated with cached credentials"
--msgstr "キャッシュされているクレディンシャルを用いて認証されました"
-+msgstr "キャッシュされているクレデンシャルを用いて認証されました"
- 
- #: src/sss_client/pam_sss.c:527
- msgid ", your cached password will expire at: "
-@@ -1717,7 +1728,7 @@ msgstr ""
- 
- #: src/sss_client/pam_sss.c:776 src/sss_client/pam_sss.c:789
- msgid "Password change failed. "
--msgstr "パスワードの変更に失敗しました。 "
-+msgstr "パスワードの変更に失敗しました。"
- 
- #: src/sss_client/pam_sss.c:2008
- msgid "New Password: "
-@@ -1737,7 +1748,7 @@ msgstr "2 番目の要素 (オプション): "
- 
- #: src/sss_client/pam_sss.c:2175 src/sss_client/pam_sss.c:2346
- msgid "Second Factor: "
--msgstr "2 番目の要素:  "
-+msgstr "2 番目の要素: "
- 
- #: src/sss_client/pam_sss.c:2190
- msgid "Password: "
-@@ -2055,17 +2066,17 @@ msgstr "マジックプライベート "
- #: src/tools/sss_groupshow.c:615
- #, c-format
- msgid "%1$s%2$sGroup: %3$s\n"
--msgstr "%1$s%2$s グループ: %3$s\n"
-+msgstr "%1$s%2$sGroup: %3$s\n"
- 
- #: src/tools/sss_groupshow.c:618
- #, c-format
- msgid "%1$sGID number: %2$d\n"
--msgstr "%1$s GID 番号: %2$d\n"
-+msgstr "%1$sGID 番号: %2$d\n"
- 
- #: src/tools/sss_groupshow.c:620
- #, c-format
- msgid "%1$sMember users: "
--msgstr "%1$s メンバーユーザー: "
-+msgstr "%1$sMember ユーザー: "
- 
- #: src/tools/sss_groupshow.c:627
- #, c-format
-@@ -2074,7 +2085,7 @@ msgid ""
- "%1$sIs a member of: "
- msgstr ""
- "\n"
--"%1$s は次のメンバー: "
-+"%1$sIs は次のメンバー: "
- 
- #: src/tools/sss_groupshow.c:634
- #, c-format
-@@ -2083,7 +2094,7 @@ msgid ""
- "%1$sMember groups: "
- msgstr ""
- "\n"
--"%1$s メンバーグループ: "
-+"%1$sMember グループ: "
- 
- #: src/tools/sss_groupshow.c:670
- msgid "Print indirect group members recursively"
-@@ -2138,7 +2149,7 @@ msgstr "SELinux ログインコンテキストをリセットできません\n"
- #, c-format
- msgid "WARNING: The user (uid %1$lu) was still logged in when deleted.\n"
- msgstr ""
--"警告: ユーザー (uid %1$lu) が削除されたときにまだログインしていました。\n"
-+"警告: ユーザー (uid %1$lu) が削除された時にまだログインしていました。\n"
- 
- #: src/tools/sss_userdel.c:278
- msgid "Cannot determine if the user was logged in on this platform"
-@@ -2463,14 +2474,14 @@ msgid "Search by group ID"
- msgstr "グループ ID で検索"
- 
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "名前 %s を構文解析できません。\n"
-+msgstr "%s を開くことに失敗しました\n"
- 
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "SSSD ソケットは存在しません。"
-+msgstr "ファイル %1$s は存在しません。\n"
- 
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2482,24 +2493,23 @@ msgstr ""
- #: src/tools/sssctl/sssctl_config.c:85
- #, c-format
- msgid "Failed to load configuration configuration from %s.\n"
--msgstr ""
-+msgstr "%s からの設定のロードに失敗しました。\n"
- 
- #: src/tools/sssctl/sssctl_config.c:91
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "設定ディレクトリーの読み込み中にエラーが発生しました。\n"
- 
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"ファイル %1$s は存在しません。SSSD は、ファイルプロバイダーでデフォルトの設定"
--"を使用します。\n"
-+"設定はありません。SSSD は、ファイルプロバイダーでデフォルト設定を使用しま"
-+"す。\n"
- 
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "バリデーターの実行に失敗しました"
- 
- #: src/tools/sssctl/sssctl_config.c:115
- #, c-format
-@@ -2512,14 +2522,14 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "設定のマージ中に生成されたメッセージ: %zu\n"
- 
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "設定スニペットファイルを使用: %u\n"
-+msgstr "使用された設定スニペットファイル: %zu\n"
- 
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
- msgid "Unable to create backup directory [%d]: %s"
--msgstr "バックアップディレクトリー [%d] の作成に失敗: %s"
-+msgstr "バックアップディレクトリー [%d] を作成できません: %s"
- 
- #: src/tools/sssctl/sssctl_data.c:95
- msgid "SSSD backup of local data already exists, override?"
-@@ -2597,7 +2607,7 @@ msgstr ""
- #: src/tools/sssctl/sssctl_domains.c:105 src/tools/sssctl/sssctl_domains.c:367
- #: src/tools/sssctl/sssctl_user_checks.c:95
- msgid "Unable to connect to system bus!\n"
--msgstr "システムバスに接続できません!\n"
-+msgstr "システムバスに接続できません。\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:167
- msgid "Online"
-@@ -2613,9 +2623,8 @@ msgid "Online status: %s\n"
- msgstr "オンライン状態: %s\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "アクティブサーバーに関する情報の表示"
-+msgstr "このドメインには、アクティブなサーバーはありません。\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-@@ -2627,12 +2636,12 @@ msgstr "接続していません"
- 
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "サーバーが見つかりません。\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
- msgid "Discovered %s servers:\n"
--msgstr "%s サーバーを発見:\n"
-+msgstr "%s サーバーが見つかりました:\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:285
- msgid "None so far.\n"
-@@ -2648,7 +2657,7 @@ msgstr "アクティブサーバーに関する情報の表示"
- 
- #: src/tools/sssctl/sssctl_domains.c:327
- msgid "Show list of discovered servers"
--msgstr "発見されたサーバーに関する一覧を表示"
-+msgstr "見つかったサーバーに関する一覧を表示"
- 
- #: src/tools/sssctl/sssctl_domains.c:333
- msgid "Specify domain name."
-@@ -2656,7 +2665,7 @@ msgstr "ドメイン名を指定します。"
- 
- #: src/tools/sssctl/sssctl_domains.c:355
- msgid "Out of memory!\n"
--msgstr "メモリの空き容量がありません。\n"
-+msgstr "メモリーの空き容量がありません。\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:375 src/tools/sssctl/sssctl_domains.c:385
- msgid "Unable to get online status\n"
-@@ -2692,12 +2701,12 @@ msgstr "ログファイルの切り捨てができません\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:286
- msgid "Out of memory!"
--msgstr "メモリの空き容量がありません。"
-+msgstr "メモリーの空き容量がありません。"
- 
- #: src/tools/sssctl/sssctl_logs.c:289
- #, c-format
- msgid "Archiving log files into %s...\n"
--msgstr "ログファイルを %s へアーカイブ...\n"
-+msgstr "ログファイルを %s へアーカイブ中...\n"
- 
- #: src/tools/sssctl/sssctl_logs.c:292
- msgid "Unable to archive log files\n"
-@@ -2851,7 +2860,9 @@ msgstr ""
- msgid ""
- "testing pam_acct_mgmt\n"
- "\n"
--msgstr "pam_acct_mgmt のテスト中\n"
-+msgstr ""
-+"pam_acct_mgmt のテスト中\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:284
- #, c-format
-@@ -2883,7 +2894,9 @@ msgstr ""
- msgid ""
- "testing pam_open_session\n"
- "\n"
--msgstr "pam_open_session のテスト中\n"
-+msgstr ""
-+"pam_open_session のテスト中\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:292
- #, c-format
-@@ -2898,7 +2911,9 @@ msgstr ""
- msgid ""
- "testing pam_close_session\n"
- "\n"
--msgstr "pam_close_session のテスト中\n"
-+msgstr ""
-+"pam_close_session のテスト中\n"
-+"\n"
- 
- #: src/tools/sssctl/sssctl_user_checks.c:296
- #, c-format
-diff --git a/po/nb.po b/po/nb.po
-index 4b616074d..39289bb60 100644
---- a/po/nb.po
-+++ b/po/nb.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:46+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Norwegian Bokmål (http://www.transifex.com/projects/p/sssd/"
-@@ -695,7 +695,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -766,737 +766,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Tjeneradresse for Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos-område"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Tidsavbrudd for autentisering"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/nl.po b/po/nl.po
-index 7c9399f67..75a6bc564 100644
---- a/po/nl.po
-+++ b/po/nl.po
-@@ -13,7 +13,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:47+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
-@@ -740,7 +740,7 @@ msgid "Active Directory client hostname"
- msgstr "Active Directory cliënt hostnaam"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "LDAP-filter om toegangsprivileges mee te bepalen"
- 
-@@ -811,217 +811,226 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos-serveradres"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Kerberos back-up server adres"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberos-rijk"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Authenticatie timeout"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Moeten kdcinfo bestanden aangemaakt worden"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Werkmap waar authenticatiegegevens opgeslagen worden"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Locatie van de authenticatiecache van de gebruiker"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Locatie van de keytab om authenticatiegegevens te valideren"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Schakel authenticatiegegevensvalidatie in"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Sla het wachtwoord op indien offline voor later gebruik bij online "
- "authenticatie"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Vernieuwbare levensduur van de TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Levensduur van de TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Tijd tussen twee checks voor vernieuwing"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Zet FAST aan"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Selecteert de hoofdpersoon te gebruiken voor FAST "
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Zet hoofdpersoon sanctioneren aan"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Zet enterprise principals aan"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Server waar het wachtwoord wijzigingsservice draait indien niet op de KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, de URI van de LDAP server"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, De URI van de LDAP server"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "De standaard base DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Het schema type wat gebruikt wordt op de LDAP server, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "De standaard bind DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Het type authenticatietoken van de standaard bind DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Het authenticatietoken van de standaard bind DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Hoe lang pogen te verbinden"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Hoe lang proberen synchroon LDAP te benaderen"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Duur tussen pogingen om de verbinding opnieuw tot stand te brengen tijdens "
- "offline zijn"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Gebruik alleen hoofdletters voor gebiedsnamen"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Bestand dat de bekende CA-certificaten bevat"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Pad naar de CA-certificatenmap"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Bestand dat het client certificaat bevat"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Bestand dat de client sleutel bevat"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lijst van mogelijke sleutel suites"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Vereis verificatie van het TLS-certificaat"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Geef het SASL-mechanisme op wat gebruikt moet worden"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Geef het SASL-authorisatie-ID op wat gebruikt moet worden"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Specificeer het te gebruiken sasl autorisatiegebied  "
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Specificeer de minimale SSF voor LDAP sasl autorisatie"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Kerberos service keytab"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Gebruik Kerberos authenticatie voor LDAP-connectie"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Volg LDAP-doorverwijzingen"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Levensduur van TGT voor LDAP-connectie"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Hoe moet de alias referentie verwijderd worden"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Service naam voor DNS service opzoeken"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- "Het aantal records dat opgehaald moet worden met een enkele LDAP bevraging"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Het aantal leden van moet ontbreken om een volledige de-referentie te "
- "veroorzaken"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1029,382 +1038,382 @@ msgstr ""
- "Moet de LDAP bibliotheek omgekeerd opzoeken uitvoeren om de hostnaam te "
- "autoriseren tijdens een SASL binding"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Hoe lang een verbinding met de LDAP server gebouden moet blijven voordat het "
- "losgekoppeld wordt"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Het LDAP paging besturingselement uitschakelen"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Zet Active Directory bereik opvragen uit"
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Tijd om te wachten op een zoekopdracht"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Tijdsduur te wachten voor een opsommingsverzoek"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Tijd om te wachten tussen enumeratie-updates"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Tijdsduur tussen cache opschoningen"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Vereis TLS voor het opzoeken van ID's"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "Gebruik ID-mapping van objectSID gebruiken in plaats van pre-set ID's"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Base DN voor het opzoeken van gebruikers"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Scope voor het opzoeken van gebruikers"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filter voor het opzoeken van gebruikers"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass voor gebruikers"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Username-attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID-attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Primair GID-attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS-attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Gebruikersmap-attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Shell-attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Active Directory primaire groep attribuut voor ID-mapping"
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Userprincipal-attribuut (voor Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Volledige naam"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "memberOf-attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Modification time-attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "shadowLastChange attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Attribuut voor tonen van geautoriseerde PAM services"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Attribuut dat geautoriseerde server hosts toont"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "krbLastPwdChange attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr "Attribuut welke aangeeft dat wachtwoordtactiek op de server actief is"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "accountExpires attribuut van AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "userAccountControl attribuut van AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "nsAccountLock attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "loginDisabled attribuut van NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "loginExpirationTime attribuut van NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "loginAllowedTimeMap attribuut van NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "SSH publieke sleutel attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Basis DN voor groep opzoeken"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Objectklasse voor groepen"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Groepsnaam"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Groep wachtwoord"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "GID attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Groep deelnemer attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Verandertijd attribuut voor groepen"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Basis DN voor netgroep opzoeken"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Objectklasse voor netgroepen"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Netgroep naam"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Netgroep leden attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Netgroep triple attibuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Verandertijd attribuut voor netgroepen"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Basis DN voor service lookups"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Objectclass voor services"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Service naam attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Service port attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Service protocol attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Ondergrens voor ID-mapping"
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Bovengrens voor ID-mapping"
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Aantal ID's voor elk segment bij ID-mapping"
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Gebruik autorid-compatibel algoritme voor ID-mapping"
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Naam van het standaard domein voor ID-mapping"
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID van het standaard domein voor ID-mapping"
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Laagste grens instellen voor toegestane id's van de LDAP-server"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Hoogste grens instellen voor toegestane id's van de LDAP-server"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Policy om wacthwoordverloop mee te evalueren"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Welke attributen worden gebruikt voor evaluatie als het account verlopen is"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- "Welke regels moeten gebruikt worden voor de evaluatie van toegangscontrole"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- "URI van een LDAP server waarop wachtwoord veranderingen toegestaan zijn"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- "URI van een back-up LDAP server waar wachtwoord veranderingen toegestaan zijn"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "DNS service naam voor LDAP wachtwoord verander server"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1412,23 +1421,23 @@ msgstr ""
- "Moet het ldap_user_shadow_last_change attribuut vernieuwd worden na een "
- "wachtwoordwijziging"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Basis DN voor sudo regels lookups"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Automatische volledige ververs periode"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Automatische slimme ververs periode"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr "Moeten regels gefilterd worden volgens hostnaam, IP adres en netwerk"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1436,137 +1445,137 @@ msgstr ""
- "Hostnamen en/of volledig gekwalificeerde domeinnamen van deze machine voor "
- "het filteren van sudo regels"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "IPv4 of IPv6 adressen of netwerk van deze machine voor het filteren van sudo "
- "regels"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Moeten regels toegevoegd worden die netgroep bevatten in host attribuut "
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Moeten regels toegevoegd worden die regulaire expressie bevatten in host "
- "attribuut "
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objectklasse voor sudo regels"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Sudo regelnaam"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Sudo regel opdracht attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Sudo regel host attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Sudo regel gebruiker attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Sudo regel optie attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Sudo regel runasuser attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Sudo regel runasgroup attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Sudo regel notbefore attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Sudo regel notafter attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Sudo regel volgorde attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Object class voor automounter maps"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Automounter map naam attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Objectklasse voor automounter map ingaven"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Automounter map sleutel ingave attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Automounter map ingavewaarde attribuut"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Basis DN voor automounter kaart opzoeken"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Kommagescheiden lijst van toegestane gebruikers"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Kommagescheiden lijst van geweigerde gebruikers"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Standaard shell, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Basis voor gebruikersmappen"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "De naam van de NSS-bibliotheek die gebruikt wordt"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "Moet indien mogelijk canonieke groepsnaam in cache opgezocht worden "
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "PAM-stack die gebruikt wordt"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/pl.po b/po/pl.po
-index c5ca94f8e..e52db1707 100644
---- a/po/pl.po
-+++ b/po/pl.po
-@@ -14,8 +14,8 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
--"PO-Revision-Date: 2019-08-26 02:06+0000\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
-+"PO-Revision-Date: 2019-12-02 12:32+0000\n"
- "Last-Translator: Piotr Drąg <piotrdrag@gmail.com>\n"
- "Language-Team: Polish (http://www.transifex.com/projects/p/sssd/language/"
- "pl/)\n"
-@@ -333,13 +333,15 @@ msgstr "Ścieżka do miejsca przechowywania zaufanych certyfikatów CA"
- 
- #: src/config/SSSDConfig/__init__.py.in:122
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "Zezwala na tworzenie kluczy SSH z certyfikatów"
- 
- #: src/config/SSSDConfig/__init__.py.in:123
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
- msgstr ""
-+"Używa poniższych reguł dopasowania do filtrowania certyfikatów do tworzenia "
-+"kluczy SSH"
- 
- #: src/config/SSSDConfig/__init__.py.in:126
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -765,7 +767,7 @@ msgid "Active Directory client hostname"
- msgstr "Nazwa komputera klienta Active Directory"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Filtr LDAP do określenia uprawnień dostępu"
- 
-@@ -848,214 +850,223 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr "Opcja dostrajania zadania odnawiania konta komputera"
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Adres serwera Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adres zapasowego serwera Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Obszar Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Czas oczekiwania na uwierzytelnienie"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Określa, czy tworzyć pliki kdcinfo"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Gdzie umieścić wstawki konfiguracji krb5"
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- "Katalog do przechowywania pamięci podręcznych danych uwierzytelniających"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Położenie pamięci podręcznej danych uwierzytelniających użytkownika"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Położenie tablicy kluczy do sprawdzania danych uwierzytelniających"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Włącza sprawdzanie danych uwierzytelniających"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "Przechowuje hasło, jeśli w trybie offline do późniejszego uwierzytelnienia "
- "w trybie online"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Odnawialny czas trwania TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Czas trwania TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Czas między dwoma sprawdzaniami odnowy"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Włącza FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Wybiera naczelnika do użycia dla FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Włącza ujednolicanie naczelnika"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Włącza naczelników enterprise"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr "Mapa nazw użytkowników do nazw naczelników Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Serwer, w którym jest uruchomiona usługa zmiany haseł, jeśli nie znajduje "
- "się w KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, adres URI serwera LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, adres URI serwera LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Domyślna podstawowa DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Typ Schema do użycia na serwerze LDAP, RFC2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "Tryb używany do zmiany hasła użytkownika"
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Domyślne DN dowiązania"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Typ tokenu uwierzytelniania domyślnego DN dowiązania"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Token uwierzytelniania domyślnego DN dowiązania"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Czas do próby połączenia"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Czas do próby synchronicznych działań LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Czas między próbami ponownego połączenia w trybie offline"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Użycie tylko wielkich znaków w nazwach obszarów"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Plik zawierający certyfikaty CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Ścieżka do katalogu certyfikatów CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Plik zawierający certyfikat klienta"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Plik zawierający klucz klienta"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lista możliwych zestawów szyfrów"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Wymaga sprawdzenia certyfikatu TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Podaje używany mechanizm SASL"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Podaje używany identyfikator upoważnienia SASL"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Podaje obszar upoważnienia SASL do użycia"
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Podaje minimalne SSF dla upoważnienia sasl LDAP"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Tablica kluczy usługi Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Używa uwierzytelniania Kerberos dla połączenia LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Podąża za odsyłaniami LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Czas trwania TGT dla połączenia LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Jak wskazywać aliasy"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Nazwa usługi do wyszukiwań usługi DNS"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Liczba wpisów do pobrania w jednym zapytaniu LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr "Suma liczb, których musi brakować, aby wywołać pełne „deref”"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1063,381 +1074,381 @@ msgstr ""
- "Określa, czy biblioteka LDAP ma wykonywać odwrotne wyszukanie, aby "
- "ujednolicić nazwę komputera podczas dowiązania SASL"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "Atrybut entryUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "Atrybut lastUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr "Jak długo utrzymywać połączenie z serwerem LDAP przed rozłączeniem"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Wyłącza kontrolę stronicowania LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Wyłącza pobieranie zakresu Active Directory"
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Czas oczekiwania na żądanie wyszukiwania"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Czas oczekiwania na żądanie wyliczenia"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Czas między aktualizacjami wyliczania"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Czas między czyszczeniem pamięci podręcznej"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Wymaga TLS dla wyszukiwania identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- "Używa mapowania identyfikatorów objectSID zamiast uprzednio ustawionych "
- "identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Podstawowe DN dla wyszukiwania użytkowników"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Zakres wyszukiwania użytkowników"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtruje wyszukiwania użytkowników"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Klasa obiektów dla użytkowników"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Atrybut nazwy użytkownika"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Atrybut UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Pierwszy atrybut GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Atrybut GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Atrybut katalogu domowego"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Atrybut powłoki"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "Atrybut UUID"
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "Atrybut objectSID"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Atrybut głównej grupy Active Directory dla mapowania identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Atrybut głównego użytkownika (dla Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Imię i nazwisko"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Atrybut memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Atrybut czasu modyfikacji"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "Atrybut shadowLastChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "Atrybut shadowMin"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "Atrybut shadowMax"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "Atrybut shadowWarning"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "Atrybut shadowInactive"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "Atrybut shadowExpire"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "Atrybut shadowFlag"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Atrybut zawierający listę upoważnionych usług PAM"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Atrybut zawierający listę upoważnionych komputerów serwerowych"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "Atrybut zawierający listę upoważnionych rhosts serwera"
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "Atrybut krbLastPwdChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "Atrybut krbPasswordExpiration"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr "Atrybut wskazujący, czy polityki haseł po stronie serwera są aktywne"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "Atrybut accountExpires AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "Atrybut userAccountControl AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "Atrybut nsAccountLock"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "Atrybut loginDisabled NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "Atrybut loginExpirationTime NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "Atrybut loginAllowedTimeMap NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Atrybut klucza publicznego SSH"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- "atrybut zawierający listę dozwolonych typów uwierzytelniania dla użytkownika"
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "atrybut zawierający certyfikat X509 użytkownika"
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "atrybut zawierający adres e-mail użytkownika"
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr "Lista dodatkowych atrybutów do pobrania razem z wpisem użytkownika"
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Podstawowe DN dla wyszukiwania grup"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Klasa obiektów dla grup"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Nazwa grupy"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Hasło grupy"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Atrybut GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Atrybut elementu grupy"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "Atrybut UUID grupy"
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Atrybut czasu modyfikacji grup"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Typ grupy i inne flagi"
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "Atrybut zewnętrznego członka grupy LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "Maksymalny poziom zagnieżdżenia, jaki usługa SSSD będzie używała"
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Podstawowe DN dla wyszukiwania grupy sieciowej"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Klasa obiektów dla grup sieciowych"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nazwa grupy sieciowej"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Atrybut elementów grupy sieciowej"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Potrójny atrybut grupy sieciowej"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Atrybut czasu modyfikacji grup sieciowych"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Podstawowe DN do wyszukiwania usług"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Klasa obiektów dla usług"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Atrybut nazwy usługi"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Atrybut portu usługi"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Atrybut protokołu usługi"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Niższa granica dla mapowania identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Wyższa granica dla mapowania identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- "Liczba identyfikatorów dla każdego fragmentu podczas mapowania "
- "identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Używa algorytmu zgodnego z autorid do mapowania identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Nazwa domyślnej domeny dla mapowania identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID domyślnej domeny dla mapowania identyfikatorów"
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "Liczba drugorzędnych fragmentów"
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Czy używać Token-Groups"
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Ustawia dolną granicę dla dozwolonych identyfikatorów z serwera LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Ustawia górną granicę dla dozwolonych identyfikatorów z serwera LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN dla zapytań polityki"
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr "Ile maksymalnie wpisów pobierać podczas żądania z wieloznacznikiem"
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Polityka do oszacowania wygaszenia hasła"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr "Które atrybuty mają być używane do sprawdzenia, czy konto wygasło"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Które reguły mają być używane do sprawdzania kontroli dostępu"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "Adres URI serwera LDAP, gdzie zmiany hasła są dozwolone"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "Adres URI zapasowego serwera LDAP, gdzie zmiany hasła są dozwolone"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "Nazwa usługi DNS serwera zmiany hasła LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1445,24 +1456,24 @@ msgstr ""
- "Określa, czy zaktualizować atrybut ldap_user_shadow_last_change po zmianie "
- "hasła"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Podstawowe DN dla wyszukiwań reguł sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Okres między automatycznymi pełnymi odświeżeniami"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Okres między automatycznymi inteligentnymi odświeżeniami"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "Określa, czy filtrować reguły według nazwy komputera, adresów IP i sieci"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1470,138 +1481,138 @@ msgstr ""
- "Nazwy komputerów lub w pełni kwalifikowane nazwy domen tego komputera do "
- "filtrowania reguł sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "Adresy lub sieci IPv4 lub IPv6 tego komputera do filtrowania reguł sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Określa, czy zawierać reguły zawierające grupy sieciowe w atrybucie komputera"
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Określa, czy zawierać reguły zawierające wyrażenia regularne w atrybucie "
- "komputera"
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Klasa obiektów dla reguł sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
--msgstr ""
-+msgstr "Nazwa atrybutu używanego jako klasa obiektów dla reguł sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Nazwa reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Atrybut polecenia reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Atrybut komputera reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Atrybut użytkownika reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Atrybut opcji reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Atrybut runas reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Atrybut runasuser reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Atrybut runasgroup reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Atrybut notbefore reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Atrybut notafter reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Atrybut kolejności reguły sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Klasa obiektów dla map automountera"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Atrybut nazwy mapy automountera"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Klasa obiektów dla wpisów map automountera"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Atrybut klucza wpisu mapy automountera"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Atrybut wartości wpisu mapy automountera"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Podstawowe DN dla wyszukiwań map automountera"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Lista dozwolonych użytkowników oddzielonych przecinkami"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Lista zabronionych użytkowników oddzielonych przecinkami"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Domyślna powłoka, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Podstawa katalogów domowych"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr "Liczba elementów potomnych pośrednika przed rozwidleniem."
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Nazwa używanej biblioteki NSS"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- "Określa, czy wyszukiwać kanoniczną nazwę grupy w pamięci podręcznej, jeśli "
- "to możliwe"
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Używany stos PAM"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "Ścieżka źródeł pliku „passwd”."
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "Ścieżka źródeł pliku „group”."
- 
-@@ -2533,14 +2544,14 @@ msgid "Search by group ID"
- msgstr "Wyszukuje według identyfikatorów grup"
- 
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "Nie można przetworzyć nazwy %s.\n"
-+msgstr "Otwarcie %s się nie powiodło\n"
- 
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "Gniazdo SSSD nie istnieje."
-+msgstr "Plik %1$s nie istnieje.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2552,24 +2563,23 @@ msgstr ""
- #: src/tools/sssctl/sssctl_config.c:85
- #, c-format
- msgid "Failed to load configuration configuration from %s.\n"
--msgstr ""
-+msgstr "Wczytanie konfiguracji z %s się nie powiodło.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:91
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "Błąd podczas odczytywania katalogu konfiguracji.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"Plik %1$s nie istnieje. Usługa SSSD użyje domyślnej konfiguracji z dostawcą "
-+"Nie ma konfiguracji. Usługa SSSD użyje domyślnej konfiguracji z dostawcą "
- "plików.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "Uruchomienie programów sprawdzających poprawność się nie powiodło"
- 
- #: src/tools/sssctl/sssctl_config.c:115
- #, c-format
-@@ -2582,9 +2592,9 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "Komunikaty utworzone podczas łączenia konfiguracji: %zu\n"
- 
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "Użyte pliki wstawek konfiguracji: %u\n"
-+msgstr "Użyte pliki wstawek konfiguracji: %zu\n"
- 
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2681,9 +2691,8 @@ msgid "Online status: %s\n"
- msgstr "Stan online: %s\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "Wyświetla informacje o aktywnym serwerze"
-+msgstr "Ta domena nie ma aktywnych serwerów.\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-@@ -2695,7 +2704,7 @@ msgstr "nie połączono"
- 
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "Nie wykryto żadnych serwerów.\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
-diff --git a/po/pt.po b/po/pt.po
-index 6f983d38a..de61e356f 100644
---- a/po/pt.po
-+++ b/po/pt.po
-@@ -7,7 +7,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:47+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
-@@ -703,7 +703,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -774,739 +774,748 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Endereço do servidor Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Reino Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Tempo de expiração da autenticação"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Directório para armazenar as caches de credenciais"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Localização da cache de credenciais dos utilizadores"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Localização da tabela de chaves (keytab) para validar credenciais"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Activar validação de credenciais"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Servidor onde está em execução o serviço de alteração de senha, se não "
- "coincide com o KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, O URI do servidor LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "A base DN por omissão"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "O tipo de Schema em utilização no servidor LDAP, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "O DN por omissão para a ligação"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "O tipo de token de autenticação do bind DN por omissão"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "O token de autenticação do bind DN por omissão"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Período de tempo para tentar ligação"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Tempo de espera para tentar operações LDAP síncronas"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Tempo de espera entre tentativas para re-conectar quando desligado"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Ficheiro que contêm os certificados CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Caminho para o directório do certificado CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Obriga a verificação de certificados TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Especificar mecanismo sasl a utilizar"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Especifique o id sasl para utilizar na autorização"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Especifique o id sasl para utilizar na autorização"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Separador chave do serviço Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Utilizar autenticação Kerberos para ligações LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Seguir os referrals LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Tempo de espera por um pedido de pesquisa"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Período de tempo entre enumeração de actualizações"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Requer TLS para consultas de ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "DN base para pesquisa de utilizadores"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Âmbito das pesquisas do utilizador"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filtro para as pesquisas do utilizador"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass para utilizadores"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Atributo do nome do utilizador"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Atributo UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Atributo GID primário"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Atributo GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Atributo da pasta pessoal"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Atributo da Shell"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Atributo principal do utilizador (para Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Nome Completo"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Atributo memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Atributo da alteração da data"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Politica para avaliar a expiração da senha"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Lista de utilizadores autorizados separados por vírgulas"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Lista de utilizadores não autorizados separados por vírgulas"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Shell pré-definida, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Directório base para as pastas pessoais"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "O nome da biblioteca NSS a utilizar"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Stack PAM a utilizar"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/pt_BR.po b/po/pt_BR.po
-index dc03ba658..3a0f0a15a 100644
---- a/po/pt_BR.po
-+++ b/po/pt_BR.po
-@@ -3,7 +3,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2015-10-27 08:15+0000\n"
- "Last-Translator: Marco Aurélio Krause <ouesten@me.com>\n"
- "Language-Team: Portuguese (Brazil)\n"
-@@ -689,7 +689,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -760,737 +760,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/ru.po b/po/ru.po
-index d8e586b20..8af743d55 100644
---- a/po/ru.po
-+++ b/po/ru.po
-@@ -9,7 +9,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2016-02-23 10:04+0000\n"
- "Last-Translator: Oleksii Levan <exlevan@gmail.com>\n"
- "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -720,7 +720,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Фильтр LDAP для определения прав доступа"
- 
-@@ -791,740 +791,749 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Имя сервера Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Область действия Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Тайм-аут проверки подлинности"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Каталог для хранения кэшей учётных данных"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Расположения кэша учётных данных пользователей"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Расположение keytab-файла для проверки учётных данных"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Включить проверку учётных данных"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- "При отсутствии соединения сохранить пароль и пройти аутентификацию позже"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr "Сервер, на котором запущена служба смены пароля (если не на KDC)"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, URI сервера LDAP "
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Base DN по умолчанию"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Тип схемы, используемой на LDAP-сервере, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Bind DN по умолчанию"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Тип маркера проверки подлинности для bind DN по умолчанию"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Маркер проверки подлинности для bind DN по умолчанию"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Временной интервал для попытки соединения"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Временной интервал для попытки синхронизации операций LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Временной интервал между попытками возобновления соединения в автономного "
- "режиме"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Файл содержащий сертификаты CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Путь к каталогу с сертификатами CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Требуется проверка сертификата TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Укажите механизм sasl"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Укажите идентификатор авторизации sasl"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Укажите идентификатор авторизации sasl"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Keytab-файл службы Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Использовать проверку подлинности Kerberos для LDAP-соединения"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Следовать ссылкам LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Время жизни TGT для LDAP-соединений"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Временной интервал, в течение которого ожидать поискового запроса"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Временной интервал между обновлениями перечисления"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Требовать TLS для запросов ID"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Base DN для поиска"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Глубина поиска"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Фильтр поиска"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objectclass для пользователей"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Атрибут «username»"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Атрибут «UID»"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Атрибут «primary GID»"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Атрибут «GECOS»"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Атрибут домашнего каталога"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Атрибут оболочки"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Атрибут участника-пользователя (для Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Полное имя"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Атрибут memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Атрибут времени изменения"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Политика вычисления окончания срока действия пароля"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Разделённый запятыми список разрешённых пользователей"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Разделённый запятыми список запрещённых пользователей"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Оболочка по умолчанию, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Место для домашних каталогов"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Имя используемой библиотеки NSS"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Используемый стек PAM"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/sssd.pot b/po/sssd.pot
-index 8c0091882..2270e49d6 100644
---- a/po/sssd.pot
-+++ b/po/sssd.pot
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
- "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
- "Language-Team: LANGUAGE <LL@li.org>\n"
-@@ -692,7 +692,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -763,737 +763,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/sv.po b/po/sv.po
-index 646f33eee..243c4e2d9 100644
---- a/po/sv.po
-+++ b/po/sv.po
-@@ -11,7 +11,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2019-09-29 04:12+0000\n"
- "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
- "Language-Team: Swedish (http://www.transifex.com/projects/p/sssd/language/"
-@@ -742,7 +742,7 @@ msgid "Active Directory client hostname"
- msgstr "Active Directory-klientvärdnamn"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "LDAP-filter för att bestämma åtkomstprivilegier"
- 
-@@ -825,210 +825,219 @@ msgstr "Maximal ålder i dagar innan maskinkontots lösenord skall förnyas"
- msgid "Option for tuning the machine account renewal task"
- msgstr "Flagga för att trimma maskinkontots förnyelseuppgift"
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Adress till Kerberosserver"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Adress till reservserver för Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Kerberosrike"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Autentiseringstidsgräns"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Huruvida kdcinfo-filer skall skapas"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Var konfigurationssnuttar för krb5 skall läggas"
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Katalog att lagra kreditiv-cachar i"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Plats för användarens kreditiv-cache"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Plats för nyckeltabellen för att validera kreditiv"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Aktivera validering av kreditiv"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "Lagra lösenord när ej ansluten för ansluten autentisering senare"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Förnybar livstid för TGT:n"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Livstid för TGT:n"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Tid mellan två kontroller av förnyelse"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Aktiverar FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Väljer huvudman att använda för FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Aktivera kanonisk form av huvudman"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Aktiverar företagshuvudmän"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr "En översättning från användarnamn till Kerberos huvudmansnamn"
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr "Server där ändringstjänsten för lösenord kör om inte på KDC:n"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, URI:n för LDAP-servern"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, URI:n för LDAP-servern"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Standard bas-DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Schematypen som används i LDAP-servern, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "Läge som används för att ändra användares lösenord"
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Standard bindnings-DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Typen på autentiserings-token för standard bindnings-DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Autentiserings-token för standard bindnings-DN"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Tidslängd att försöka ansluta"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Tidslängd att försöka synkrona LDAP-operationer"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr "Tidslängd mellan försök att återansluta vid frånkoppling"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Använd endast versaler för namn på riken"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Fil som innehåller CA-certifikat"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Sökväg till katalogen med CA-certifikat"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Fil som innehåller klientcertifikatet"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Fil som innehåller klientnyckeln"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Lista över möjliga chiffersviter"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Kräv TLS-certifikatverifiering"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Ange sasl-mekanismen att använda"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Ange sasl-auktorisering-id att använda"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Ange sasl-auktoriseringsrike att använda"
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr "Ange minsta SSF för LDAP-sasl-auktorisering"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "Ange minsta SSF för LDAP-sasl-auktorisering"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Kerberostjänstens nyckeltabell"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Använd Kerberosautentisering för LDAP-anslutningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Följer LDAP-hänvisningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Livslängd på TGT för LDAP-anslutning"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Hur alias skall derefereras"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Tjänstenamn för uppslagning av DNS-tjänster"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Antalet poster som skall hämtas i en enda LDAP-fråga"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Antalet medlemmar som måste saknas för att orsaka en fullständig dereferering"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1036,377 +1045,377 @@ msgstr ""
- "Huruvida LDAP-biblioteket skall utföra en omvänd uppslagning för att ta fram "
- "värdnamnets kanoniska form under en SASL-bindning"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "entryUSN-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "lastUSN-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- "Hur länge en anslutning till LDAP-servern skall behållas före den kopplas ner"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Avaktivera flödesstyrningen (paging) av LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Avaktivera Active Directorys intervallhämtande"
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Tidslängd att vänta på en sökbegäran"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Tidslängd att vänta på en uppräkningsbegäran"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Tidslängd mellan uppräkningsuppdateringar"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Tidslängd mellan cache-tömningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Kräv TLS för ID-uppslagningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr "Använd ID-översättning av objectSID istället för förhandssatta ID:n"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Bas-DN för användaruppslagningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Omfång av användaruppslagningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Filter för användaruppslagningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Objektklass för användare"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Användarnamnsattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "UID-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Primärt GID-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "GECOS-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Hemkatalogattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Skalattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "UUID-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "objectSID-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr "Primärt gruppattribut i Active Directory för ID-mappning"
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Användarens huvudmansattribut (för Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Fullständigt namn"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "medlemAv-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Modifieringstidsattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "attributet shadowLastChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "shadowMin-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "shadowMax-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "shadowWarning-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "shadowInactive-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "shadowExpire-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "shadowFlag-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Attribut för listning av auktoriserade PAM-tjänster"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Attribut för listning av auktoriserade servervärdar"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "Attribut för listning av auktoriserade server-rhosts"
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "attributet krbLastPwdChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "krbPasswordExpiration-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr "Attribut som indikerar att serversidans lösenordspolicyer är aktiva"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "AD:s attribut accountExpires"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "AD:s attribut userAccountControl"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "attributet nsAccountLock"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "NDS attribut loginDisabled"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "NDS attribut loginExpirationTime"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "NDS attribut loginAllowedTimeMap"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Attribut för publik SSH-nyckel"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr "attribut för listning av tillåtna autentiseringstyper för en användare"
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "attribut som innehåller användarens X509-certifikat"
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "attribut som innehåller e-postadresser till användaren"
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr "En lista över extra attribut att hämta tillsammans med användarposten"
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Bas-DN för gruppuppslagningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Objektklass för grupper"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Gruppnamn"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Grupplösenord"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "GID-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Gruppmedlemsattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "Grupp-UUID-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Modifieringstidsattribut för grupper"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Typen av grupp och andra flaggor"
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "LDAP-gruppens externa medlemsattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "Maximal nästlingsnivå SSSD kommer följa"
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Bas-DN för nätgruppuppslagningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Objektklass för nätgrupper"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Nätgruppnamn"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Attribut på nätgruppmedlemmar"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Attribut på nätgruppstripplar"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Modifieringstidsattribut för nätgrupper"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Bas-DN för tjänsteuppslagningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Objektklass för tjänster"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Tjänstenamnsattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Tjänsteportsattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Tjänsteprotokollsattribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Undre gräns för ID-mappning"
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Övre gräns för ID-mappning"
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr "Antal ID:n till varje skiva vid ID-mappning"
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr "Använd en autorid-kompatibel algoritm för ID-mappning"
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Standarddomänens namn för ID-mappning"
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "Standarddomänens SID för ID-mappning"
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "Antal sekundära skivor"
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Huruvida Token-Groups skall användas"
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Sätt undre gräns för tillåtna ID:n från LDAP-servern"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Sätt övre gräns för tillåtna ID:n från LDAP-servern"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN för ppolicy-frågor"
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr "Hur många poster att maximalt hämta i en joker-begäran"
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Policy för att utvärdera utgång av lösenord"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr "Vilka attribut skall användas för att avgöra om ett konto gått ut"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr "Vilka regler skall användas för att avgöra åtkomstkontroll"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "URI till en LDAP-server där lösenordsändringar är tillåtna"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "URI till en reserv-LDAP-server där lösenordsändringar är tillåtna"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "DNS-tjänstenamn för LDAP-lösenordsändringsservern"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1414,24 +1423,24 @@ msgstr ""
- "Huruvida attributet ldap_user_shadow_last_change skall uppdateras efter en "
- "ändring av lösenord"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Bas-DN för regeluppslagningar"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Intervall mellan automatisk fullständig omläsning"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Intervall mellan automatisk smart omläsning"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "Huruvida regler skall filtreras efter värdnamn, IP-adresser och nätverk"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1439,137 +1448,137 @@ msgstr ""
- "Värdnamn och/eller fullständigt kvalificerade domännamn på denna maskin för "
- "att filtrera sudo-regler"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "IPv4- eller IPv6-adresser eller -nätverk för denna maskin för att filtrera "
- "sudo-regler"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Huruvida regler som innehåller nätgrupper i värdattribut skall inkluderas"
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Huruvida regler som innehåller reguljära uttryck i värdattribut skall "
- "inkluderas"
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Objektklass för sudo-regler"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Sudo-regelnamn"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Attribut för sudo-regelkommandon"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Attribut för sudo-regelvärd"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Attribut för sudo-regelanvändare"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Attribut för sudo-regelflaggor"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Sudo-regel-runas-attribut"
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr "Attribut för sudo-runasuser"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Attribut på runasgroup i sudo-regel"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Attribut för sudo-notbefore-regler"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Attribut för sudo-notafter-regler"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Attribut för sudo-order-regler"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Objektklass för avbildningar för automatmonterare"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Attribut för namn i avbildningar för automatmonterare"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Objektklass för poster i avbildningar för automatmonterare"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Attribut för postnycklar i avbildningar för automatmonterare"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Attribut på postvärde i avbildning för automatmonteraren"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Bas-DN för uppslagningar i avbildningar för automatmonterare"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Kommaseparerad lista över tillåtna användare"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Kommaseparerad lista över förbjudna användare"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Standardskal, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Bas för hemkataloger"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr "Antal ombudsbarn före grening"
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Namnet på NSS-biblioteket att använda"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr "Huruvida kanoniska gruppnamn skall slås upp från cachen om möjligt"
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "PAM-stack att använda"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "Sökväg till lösenordsfilkällor."
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "Sökväg till gruppfilkällor."
- 
-@@ -2494,14 +2503,14 @@ msgid "Search by group ID"
- msgstr "Sök via grupp-ID"
- 
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "Kan inte tolka namnet %s.\n"
-+msgstr ""
- 
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "SSSD-uttaget finns inte."
-+msgstr ""
- 
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2520,13 +2529,10 @@ msgid "Error while reading configuration directory.\n"
- msgstr ""
- 
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"Filen %1$s finns inte.  SSSD kommer använda standardkonfigurationen med "
--"filleverantörer.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
-@@ -2543,9 +2549,9 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "Meddelanden genererade under sammanslagning av konfigurationen: %zu\n"
- 
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "Använda konfigurationssnuttfiler: %u\n"
-+msgstr ""
- 
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2641,9 +2647,8 @@ msgid "Online status: %s\n"
- msgstr "Uppkopplingsstatus: %s\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "Visa information om aktiv server"
-+msgstr ""
- 
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-diff --git a/po/tg.po b/po/tg.po
-index 5009cf304..70e00714a 100644
---- a/po/tg.po
-+++ b/po/tg.po
-@@ -7,7 +7,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:48+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
-@@ -694,7 +694,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -765,737 +765,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Номи гурӯҳ"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Пароли гурӯҳ"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Аттрибути GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/tr.po b/po/tr.po
-index f05e7dca8..a4ba1533f 100644
---- a/po/tr.po
-+++ b/po/tr.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:49+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Turkish (http://www.transifex.com/projects/p/sssd/language/"
-@@ -695,7 +695,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -766,737 +766,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos sunucu adresi"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/uk.po b/po/uk.po
-index 098e0d472..3e73effbc 100644
---- a/po/uk.po
-+++ b/po/uk.po
-@@ -14,8 +14,8 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
--"PO-Revision-Date: 2019-08-16 05:48+0000\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
-+"PO-Revision-Date: 2019-12-02 08:43+0000\n"
- "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
- "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
- "uk/)\n"
-@@ -345,13 +345,15 @@ msgstr "Шлях до сховища надійних сертифікатів 
- 
- #: src/config/SSSDConfig/__init__.py.in:122
- msgid "Allow to generate ssh-keys from certificates"
--msgstr ""
-+msgstr "Дозволити створення ключів SSH з сертифікатів"
- 
- #: src/config/SSSDConfig/__init__.py.in:123
- msgid ""
- "Use the following matching rules to filter the certificates for ssh-key "
- "generation"
- msgstr ""
-+"Використати вказані нижче відповідні правила для фільтрування сертифікатів "
-+"для створення ключів SSH"
- 
- #: src/config/SSSDConfig/__init__.py.in:126
- msgid "List of UIDs or user names allowed to access the PAC responder"
-@@ -788,7 +790,7 @@ msgid "Active Directory client hostname"
- msgstr "Назва клієнтського вузла Active Directory"
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr "Фільтр LDAP для визначення прав доступу"
- 
-@@ -875,216 +877,226 @@ msgid "Option for tuning the machine account renewal task"
- msgstr ""
- "Параметр налаштовування завдання оновлення облікових записів комп’ютерів"
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Адреса сервера Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr "Адреса резервного сервера Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr "Область Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "Час очікування на розпізнавання"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr "Визначає, чи слід створювати файли kdcinfo"
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr "Місце, куди слід скидати фрагменти налаштувань krb5"
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "Каталог, де зберігатиметься кеш реєстраційних даних"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "Адреса кешу реєстраційних даних користувача"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "Адреса таблиці ключів для перевірки реєстраційних даних"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "Увімкнути перевірку реєстраційних даних"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr "Зберігати пароль у автономному режимі для розпізнавання у мережі"
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr "Поновлюваний строк дії TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr "Строк дії TGT"
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr "Граничний час між двома перевірками для поновлення"
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr "Вмикає FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr "Визначає реєстраційний запис, який слід використовувати для FAST"
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr "Вмикає перетворення реєстраційних записів у канонічну форму"
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr "Увімкнути промислові реєстраційні дані"
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr "Прив’язка імен користувачів до основних імен Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- "Сервер, на якому запущено службу зміни паролів, якщо такий не вдасться "
- "виявити у KDC"
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr "ldap_uri, адреса URI сервера LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr "ldap_backup_uri, адреса сервера LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr "Типова базова назва домену"
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr "Тип схеми, використаний на сервері LDAP, rfc2307"
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr "Режим для зміни пароля користувача"
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr "Типова назва домену прив’язки"
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr "Тип розпізнавання для типової назви сервера прив’язки"
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr "Лексема розпізнавання типової назви сервера прив’язки"
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr "Проміжок часу між спробами встановлення з’єднання"
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr "Проміжок часу між спробами виконання синхронних операцій LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- "Проміжок часу між повторними спробами встановлення з’єднання у автономному "
- "режимі"
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr "Використовувати для назв областей лише великі літери"
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr "Файл, що містить сертифікати CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr "Шлях до каталогу сертифікатів CA"
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr "Файл, що містить клієнтський сертифікат"
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr "Файл, що містить клієнтський ключ"
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr "Показати список можливих інструментів шифрування"
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "Потрібна перевірка сертифіката TLS"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "Вкажіть механізм SASL, який слід використовувати"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "Вкажіть ідентифікатор уповноваження SASL, який слід використовувати"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr "Вкажіть область уповноваження SASL, яку слід використовувати"
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- "Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl"
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+"Вказати мінімальне значення SSF для розпізнавання на LDAP за допомогою sasl"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr "Таблиця ключів служби Kerberos"
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr "Розпізнавання Kerberos для з’єднання LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr "Переходити за посиланнями LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr "Строк дії TGT для з’єднання LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr "Спосіб розіменування псевдонімів"
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr "Назва служби для пошуків за допомогою служби DNS"
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr "Кількість записів, які слід отримувати у відповідь на один запит LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- "Кількість учасників, яких має не вистачати для вмикання повного скасування "
- "посилань"
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
-@@ -1092,390 +1104,390 @@ msgstr ""
- "Визначає, чи має бібліотека LDAP виконувати зворотній пошук з метою "
- "переведення назв вузлів у канонічну форму під час прив’язки до SASL"
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr "Атрибут entryUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr "Атрибут lastUSN"
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr "Тривалість підтримування з’єднання з сервером LDAP перед роз’єднанням"
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr "Вимкнути контроль сторінок у LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr "Вимкнути отримання діапазонів Active Directory"
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "Тривалість очікування на дані запиту пошуку"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr "Тривалість очікування на дані запиту щодо переліку"
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr "Проміжок часу між оновленнями нумерації"
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr "Проміжок часу між спорожненнями кешу"
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr "Вимагати TLS для пошуків ідентифікаторів"
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- "Використовувати відповідності ідентифікаторів objectSID замість попередньо "
- "встановлених ідентифікаторів"
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr "Базова назва домену для пошуків користувачів"
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr "Діапазон пошуків користувачів"
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr "Фільтр пошуку користувачів"
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr "Клас об’єктів для користувачів"
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr "Атрибут імені користувача"
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr "Атрибут UID"
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr "Головний атрибут GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr "Атрибут GECOS"
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr "Атрибут домашнього каталогу"
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr "Атрибут оболонки"
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr "Атрибут UUID"
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr "Атрибут objectSID"
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- "Атрибут основної групи Active Directory для встановлення відповідності "
- "ідентифікатора"
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr "Атрибут реєстраційного запису користувача (для Kerberos)"
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "Повне ім'я"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr "Атрибут memberOf"
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr "Атрибут часу зміни"
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr "Атрибут shadowLastChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr "Атрибут shadowMin"
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr "Атрибут shadowMax"
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr "Атрибут shadowWarning"
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr "Атрибут shadowInactive"
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr "Атрибут shadowExpire"
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr "Атрибут shadowFlag"
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr "Атрибути зі списком уповноважених служб PAM"
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr "Атрибути зі списком уповноважених серверних вузлів"
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr "Атрибути зі списком уповноважених серверних r-вузлів"
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr "Атрибут krbLastPwdChange"
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr "Атрибут krbPasswordExpiration"
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- "Атрибут, що відповідає за активізацію правил обробки паролів на боці сервера"
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr "Атрибут accountExpires AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr "Атрибут userAccountControl AD"
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr "Атрибут nsAccountLock"
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr "Атрибут loginDisabled NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr "Атрибут loginExpirationTime NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr "Атрибут loginAllowedTimeMap NDS"
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr "Атрибут відкритого ключа SSH"
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr "атрибут зі списком дозволених типів розпізнавання для користувача"
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr "атрибут, що містить сертифікат X509 користувача"
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr "атрибут, що містить адресу електронної пошти користувача"
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- "Список додаткових атрибутів, які слід отримувати разом із записом користувача"
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr "Базова назва домену для пошуків груп"
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr "Клас об’єктів для груп"
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr "Назва групи"
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr "Пароль групи"
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr "Атрибут GID"
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr "Атрибут членства у групі"
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr "Атрибут UUID групи"
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr "Атрибут часу зміни для груп"
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr "Тип групи та інші прапорці"
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr "Атрибут групи LDAP зовнішнього учасника"
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr "Максимальний рівень вкладеності, який використовуватиме SSSD"
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr "Базова назва домену для пошуків груп у мережі"
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr "Клас об’єктів для груп у мережі"
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr "Назва мережевої групи"
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr "Атрибут членства у групах у мережі"
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr "Атрибут трійки груп у мережі"
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr "Атрибут часу зміни для мережевих груп"
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr "Базова сервер назв домену для пошуку служб"
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr "Клас об’єктів для служб"
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr "Атрибут назви служби"
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr "Атрибут порту служби"
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr "Атрибут протоколу служби"
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr "Нижня межа встановлення відповідності ідентифікатора"
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr "Верхня межа встановлення відповідності ідентифікатора"
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- "Кількість ідентифікаторів для кожного зрізу під час встановлення "
- "відповідності ідентифікаторів"
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- "Використовувати для встановлення відповідності ідентифікаторів алгоритм, "
- "сумісний з autorid"
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr "Назва типового домену для встановлення відповідності ідентифікаторів"
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr "SID типового домену для встановлення відповідності ідентифікаторів"
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr "Кількість вторинних зрізів"
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr "Визначає, чи слід використовувати крупи реєстраційних записів"
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr "Встановити нижню межу для дозволених ідентифікаторів із сервера LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr "Встановити верхню межу для дозволених ідентифікаторів із сервера LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr "DN для запитів щодо ppolicy"
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- "Максимальна кількість записів для отримання під час обробки запитів із "
- "замінниками"
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "Правила оцінки завершення строку дії пароля"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- "Атрибути які слід використовувати для визначення чинності облікового запису"
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- "Правила, які має бути використано для визначення достатності прав доступу"
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr "Адреса на сервері LDAP, для якої можливі зміни паролів"
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr "Адреса резервного сервера LDAP, для якої можливі зміни паролів"
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr "Назва у службі DNS сервера зміни паролів LDAP"
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
-@@ -1483,25 +1495,25 @@ msgstr ""
- "Визначає, чи слід оновлювати атрибут ldap_user_shadow_last_change після "
- "зміни пароля"
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr "Базова назва домену для пошуків правил sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr "Період автоматичного повного оновлення даних"
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr "Період автоматичного кмітливого оновлення даних"
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- "Визначає, чи слід фільтрувати правила за назвами вузлів, IP-адресами та "
- "мережами"
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
-@@ -1509,141 +1521,141 @@ msgstr ""
- "Назви вузлів і/або повні назви у домені для цього комп’ютера для "
- "фільтрування списку правил sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- "Адреси IPv4 або IPv6 чи мережа цього комп’ютера для фільтрування списку "
- "правил sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- "Визначає, чи слід включати правила, що містять мережеву групу у атрибуті "
- "вузла"
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- "Визначає, чи слід включати правила, що містять формальний вираз у атрибуті "
- "вузла"
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr "Клас об’єктів для правил sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
--msgstr ""
-+msgstr "Назва атрибута, який використано як клас об'єктів для правил sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr "Назва правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr "Атрибут команди правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr "Атрибут вузла правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr "Атрибут користувача правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr "Атрибут параметрів правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr "Атрибут runas правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- "Атрибут користувача, від імені якого виконуватиметься запуск, правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr "Атрибут групи, від імені якої виконуватиметься запуск, правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr "Атрибут граничного часу початку дії правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr "Атрибут граничного часу завершення дії правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr "Атрибут порядку правила sudo"
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr "Клас об’єктів для карт автоматичного монтування"
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr "Атрибут назви карти автоматичного монтування"
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr "Клас об’єктів для записів карт автоматичного монтування"
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr "Атрибут ключа запису карти автоматичного монтування"
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr "Атрибут значення запису карти автоматичного монтування"
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr "Базовий сервер назв домену для пошуків карти автоматичного монтування"
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "Відокремлений комами список дозволених користувачів"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "Відокремлений комами список заборонених користувачів"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "Типова оболонка, /bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr "Базова адреса домашніх каталогів"
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr "Кількість попередньо відгалужених дочірніх проксі-записів."
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "Назва бібліотеки NSS, яку слід використовувати"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- "Визначає, чи слід виконувати пошук канонічної назви групи у кеші, якщо це "
- "можливо"
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "Стек PAM, який слід використовувати"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr "Шлях до початкового тексту файла passwd."
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr "Шлях до початкового тексту файла group."
- 
-@@ -2579,14 +2591,14 @@ msgid "Search by group ID"
- msgstr "Шукати за ідентифікатором групи"
- 
- #: src/tools/sssctl/sssctl_config.c:70
--#, fuzzy, c-format
-+#, c-format
- msgid "Failed to open %s\n"
--msgstr "Не вдалося обробити ім'я %s.\n"
-+msgstr "Не вдалося відкрити %s\n"
- 
- #: src/tools/sssctl/sssctl_config.c:75
--#, fuzzy, c-format
-+#, c-format
- msgid "File %1$s does not exist.\n"
--msgstr "Сокета SSSD не існує."
-+msgstr "Файла %1$s не існує.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:79
- msgid ""
-@@ -2598,24 +2610,23 @@ msgstr ""
- #: src/tools/sssctl/sssctl_config.c:85
- #, c-format
- msgid "Failed to load configuration configuration from %s.\n"
--msgstr ""
-+msgstr "Не вдалося завантажити налаштування з %s.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:91
- msgid "Error while reading configuration directory.\n"
--msgstr ""
-+msgstr "Помилка під час спроби прочитати каталог налаштувань.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:99
--#, fuzzy
- msgid ""
- "There is no configuration. SSSD will use default configuration with files "
- "provider.\n"
- msgstr ""
--"Файла %1$s не існує. SSSD використовуватиме типові налаштування для модуля "
--"надання даних щодо файлів.\n"
-+"Немає налаштувань. SSSD використає типові налаштування для засобу надання "
-+"файлів.\n"
- 
- #: src/tools/sssctl/sssctl_config.c:111
- msgid "Failed to run validators"
--msgstr ""
-+msgstr "Не вдалося запустити засоби перевірки"
- 
- #: src/tools/sssctl/sssctl_config.c:115
- #, c-format
-@@ -2628,9 +2639,9 @@ msgid "Messages generated during configuration merging: %zu\n"
- msgstr "Повідомлення, створені під час об'єднування налаштувань: %zu\n"
- 
- #: src/tools/sssctl/sssctl_config.c:137
--#, fuzzy, c-format
-+#, c-format
- msgid "Used configuration snippet files: %zu\n"
--msgstr "Використані файли фрагментів налаштувань: %u\n"
-+msgstr "Використаних файлів фрагментів налаштувань: %zu\n"
- 
- #: src/tools/sssctl/sssctl_data.c:89
- #, c-format
-@@ -2730,9 +2741,8 @@ msgid "Online status: %s\n"
- msgstr "Стан з'єднання: %s\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:213
--#, fuzzy
- msgid "This domain has no active servers.\n"
--msgstr "Показати дані щодо активного сервера"
-+msgstr "У цьому домені немає активних серверів.\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:218
- msgid "Active servers:\n"
-@@ -2744,7 +2754,7 @@ msgstr "не з’єднано"
- 
- #: src/tools/sssctl/sssctl_domains.c:267
- msgid "No servers discovered.\n"
--msgstr ""
-+msgstr "Не виявлено жодного сервера.\n"
- 
- #: src/tools/sssctl/sssctl_domains.c:273
- #, c-format
-diff --git a/po/zh_CN.po b/po/zh_CN.po
-index b040b4350..d936fdaa1 100644
---- a/po/zh_CN.po
-+++ b/po/zh_CN.po
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:50+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
-@@ -695,7 +695,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -766,737 +766,745 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos 服务器地址"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "验证超时"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr ""
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/po/zh_TW.po b/po/zh_TW.po
-index 12a6f8a97..f4e3ba1bc 100644
---- a/po/zh_TW.po
-+++ b/po/zh_TW.po
-@@ -7,7 +7,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: PACKAGE VERSION\n"
- "Report-Msgid-Bugs-To: sssd-devel@lists.fedorahosted.org\n"
--"POT-Creation-Date: 2019-11-30 22:24+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:34+0100\n"
- "PO-Revision-Date: 2014-12-14 11:50+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/sssd/"
-@@ -694,7 +694,7 @@ msgid "Active Directory client hostname"
- msgstr ""
- 
- #: src/config/SSSDConfig/__init__.py.in:240
--#: src/config/SSSDConfig/__init__.py.in:425
-+#: src/config/SSSDConfig/__init__.py.in:427
- msgid "LDAP filter to determine access privileges"
- msgstr ""
- 
-@@ -765,737 +765,746 @@ msgstr ""
- msgid "Option for tuning the machine account renewal task"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:257
-+#: src/config/SSSDConfig/__init__.py.in:255
-+msgid "Use LDAPS port for LDAP and Global Catalog requests"
-+msgstr ""
-+
- #: src/config/SSSDConfig/__init__.py.in:258
-+#: src/config/SSSDConfig/__init__.py.in:259
- msgid "Kerberos server address"
- msgstr "Kerberos 伺服器位址"
- 
--#: src/config/SSSDConfig/__init__.py.in:259
-+#: src/config/SSSDConfig/__init__.py.in:260
- msgid "Kerberos backup server address"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:260
-+#: src/config/SSSDConfig/__init__.py.in:261
- msgid "Kerberos realm"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:261
-+#: src/config/SSSDConfig/__init__.py.in:262
- msgid "Authentication timeout"
- msgstr "認證逾時"
- 
--#: src/config/SSSDConfig/__init__.py.in:262
-+#: src/config/SSSDConfig/__init__.py.in:263
- msgid "Whether to create kdcinfo files"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:263
-+#: src/config/SSSDConfig/__init__.py.in:264
- msgid "Where to drop krb5 config snippets"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:266
-+#: src/config/SSSDConfig/__init__.py.in:267
- msgid "Directory to store credential caches"
- msgstr "儲存憑證快取的目錄"
- 
--#: src/config/SSSDConfig/__init__.py.in:267
-+#: src/config/SSSDConfig/__init__.py.in:268
- msgid "Location of the user's credential cache"
- msgstr "使用者憑證快取的位置"
- 
--#: src/config/SSSDConfig/__init__.py.in:268
-+#: src/config/SSSDConfig/__init__.py.in:269
- msgid "Location of the keytab to validate credentials"
- msgstr "驗證憑證用的金鑰表格位置"
- 
--#: src/config/SSSDConfig/__init__.py.in:269
-+#: src/config/SSSDConfig/__init__.py.in:270
- msgid "Enable credential validation"
- msgstr "啟用憑證驗證"
- 
--#: src/config/SSSDConfig/__init__.py.in:270
-+#: src/config/SSSDConfig/__init__.py.in:271
- msgid "Store password if offline for later online authentication"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:271
-+#: src/config/SSSDConfig/__init__.py.in:272
- msgid "Renewable lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:272
-+#: src/config/SSSDConfig/__init__.py.in:273
- msgid "Lifetime of the TGT"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:273
-+#: src/config/SSSDConfig/__init__.py.in:274
- msgid "Time between two checks for renewal"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:274
-+#: src/config/SSSDConfig/__init__.py.in:275
- msgid "Enables FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:275
-+#: src/config/SSSDConfig/__init__.py.in:276
- msgid "Selects the principal to use for FAST"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:276
-+#: src/config/SSSDConfig/__init__.py.in:277
- msgid "Enables principal canonicalization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:277
-+#: src/config/SSSDConfig/__init__.py.in:278
- msgid "Enables enterprise principals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:278
-+#: src/config/SSSDConfig/__init__.py.in:279
- msgid "A mapping from user names to Kerberos principal names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:281
- #: src/config/SSSDConfig/__init__.py.in:282
-+#: src/config/SSSDConfig/__init__.py.in:283
- msgid "Server where the change password service is running if not on the KDC"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:285
-+#: src/config/SSSDConfig/__init__.py.in:286
- msgid "ldap_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:286
-+#: src/config/SSSDConfig/__init__.py.in:287
- msgid "ldap_backup_uri, The URI of the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:287
-+#: src/config/SSSDConfig/__init__.py.in:288
- msgid "The default base DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:288
-+#: src/config/SSSDConfig/__init__.py.in:289
- msgid "The Schema Type in use on the LDAP server, rfc2307"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:289
-+#: src/config/SSSDConfig/__init__.py.in:290
- msgid "Mode used to change user password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:290
-+#: src/config/SSSDConfig/__init__.py.in:291
- msgid "The default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:291
-+#: src/config/SSSDConfig/__init__.py.in:292
- msgid "The type of the authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:292
-+#: src/config/SSSDConfig/__init__.py.in:293
- msgid "The authentication token of the default bind DN"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:293
-+#: src/config/SSSDConfig/__init__.py.in:294
- msgid "Length of time to attempt connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:294
-+#: src/config/SSSDConfig/__init__.py.in:295
- msgid "Length of time to attempt synchronous LDAP operations"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:295
-+#: src/config/SSSDConfig/__init__.py.in:296
- msgid "Length of time between attempts to reconnect while offline"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:296
-+#: src/config/SSSDConfig/__init__.py.in:297
- msgid "Use only the upper case for realm names"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:297
-+#: src/config/SSSDConfig/__init__.py.in:298
- msgid "File that contains CA certificates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:298
-+#: src/config/SSSDConfig/__init__.py.in:299
- msgid "Path to CA certificate directory"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:299
-+#: src/config/SSSDConfig/__init__.py.in:300
- msgid "File that contains the client certificate"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:300
-+#: src/config/SSSDConfig/__init__.py.in:301
- msgid "File that contains the client key"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:301
-+#: src/config/SSSDConfig/__init__.py.in:302
- msgid "List of possible ciphers suites"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:302
-+#: src/config/SSSDConfig/__init__.py.in:303
- msgid "Require TLS certificate verification"
- msgstr "需要 TLS 憑證驗證"
- 
--#: src/config/SSSDConfig/__init__.py.in:303
-+#: src/config/SSSDConfig/__init__.py.in:304
- msgid "Specify the sasl mechanism to use"
- msgstr "指定要使用的 sasl 機制"
- 
--#: src/config/SSSDConfig/__init__.py.in:304
-+#: src/config/SSSDConfig/__init__.py.in:305
- msgid "Specify the sasl authorization id to use"
- msgstr "指定要使用的 sasl 認證 id"
- 
--#: src/config/SSSDConfig/__init__.py.in:305
-+#: src/config/SSSDConfig/__init__.py.in:306
- msgid "Specify the sasl authorization realm to use"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:306
-+#: src/config/SSSDConfig/__init__.py.in:307
- msgid "Specify the minimal SSF for LDAP sasl authorization"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:307
-+#: src/config/SSSDConfig/__init__.py.in:308
-+#, fuzzy
-+msgid "Specify the maximal SSF for LDAP sasl authorization"
-+msgstr "指定要使用的 sasl 認證 id"
-+
-+#: src/config/SSSDConfig/__init__.py.in:309
- msgid "Kerberos service keytab"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:308
-+#: src/config/SSSDConfig/__init__.py.in:310
- msgid "Use Kerberos auth for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:309
-+#: src/config/SSSDConfig/__init__.py.in:311
- msgid "Follow LDAP referrals"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:310
-+#: src/config/SSSDConfig/__init__.py.in:312
- msgid "Lifetime of TGT for LDAP connection"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:311
-+#: src/config/SSSDConfig/__init__.py.in:313
- msgid "How to dereference aliases"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:312
-+#: src/config/SSSDConfig/__init__.py.in:314
- msgid "Service name for DNS service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:313
-+#: src/config/SSSDConfig/__init__.py.in:315
- msgid "The number of records to retrieve in a single LDAP query"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:314
-+#: src/config/SSSDConfig/__init__.py.in:316
- msgid "The number of members that must be missing to trigger a full deref"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:315
-+#: src/config/SSSDConfig/__init__.py.in:317
- msgid ""
- "Whether the LDAP library should perform a reverse lookup to canonicalize the "
- "host name during a SASL bind"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:317
-+#: src/config/SSSDConfig/__init__.py.in:319
- msgid "entryUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:318
-+#: src/config/SSSDConfig/__init__.py.in:320
- msgid "lastUSN attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:320
-+#: src/config/SSSDConfig/__init__.py.in:322
- msgid "How long to retain a connection to the LDAP server before disconnecting"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:322
-+#: src/config/SSSDConfig/__init__.py.in:324
- msgid "Disable the LDAP paging control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:323
-+#: src/config/SSSDConfig/__init__.py.in:325
- msgid "Disable Active Directory range retrieval"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:326
-+#: src/config/SSSDConfig/__init__.py.in:328
- msgid "Length of time to wait for a search request"
- msgstr "搜尋請求的等候時間長度"
- 
--#: src/config/SSSDConfig/__init__.py.in:327
-+#: src/config/SSSDConfig/__init__.py.in:329
- msgid "Length of time to wait for a enumeration request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:328
-+#: src/config/SSSDConfig/__init__.py.in:330
- msgid "Length of time between enumeration updates"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:329
-+#: src/config/SSSDConfig/__init__.py.in:331
- msgid "Length of time between cache cleanups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:330
-+#: src/config/SSSDConfig/__init__.py.in:332
- msgid "Require TLS for ID lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:331
-+#: src/config/SSSDConfig/__init__.py.in:333
- msgid "Use ID-mapping of objectSID instead of pre-set IDs"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:332
-+#: src/config/SSSDConfig/__init__.py.in:334
- msgid "Base DN for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:333
-+#: src/config/SSSDConfig/__init__.py.in:335
- msgid "Scope of user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:334
-+#: src/config/SSSDConfig/__init__.py.in:336
- msgid "Filter for user lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:335
-+#: src/config/SSSDConfig/__init__.py.in:337
- msgid "Objectclass for users"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:336
-+#: src/config/SSSDConfig/__init__.py.in:338
- msgid "Username attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:338
-+#: src/config/SSSDConfig/__init__.py.in:340
- msgid "UID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:339
-+#: src/config/SSSDConfig/__init__.py.in:341
- msgid "Primary GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:340
-+#: src/config/SSSDConfig/__init__.py.in:342
- msgid "GECOS attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:341
-+#: src/config/SSSDConfig/__init__.py.in:343
- msgid "Home directory attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:342
-+#: src/config/SSSDConfig/__init__.py.in:344
- msgid "Shell attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:343
-+#: src/config/SSSDConfig/__init__.py.in:345
- msgid "UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:344
--#: src/config/SSSDConfig/__init__.py.in:386
-+#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:388
- msgid "objectSID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:345
-+#: src/config/SSSDConfig/__init__.py.in:347
- msgid "Active Directory primary group attribute for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:346
-+#: src/config/SSSDConfig/__init__.py.in:348
- msgid "User principal attribute (for Kerberos)"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:347
-+#: src/config/SSSDConfig/__init__.py.in:349
- msgid "Full Name"
- msgstr "全名"
- 
--#: src/config/SSSDConfig/__init__.py.in:348
-+#: src/config/SSSDConfig/__init__.py.in:350
- msgid "memberOf attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:349
-+#: src/config/SSSDConfig/__init__.py.in:351
- msgid "Modification time attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:351
-+#: src/config/SSSDConfig/__init__.py.in:353
- msgid "shadowLastChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:352
-+#: src/config/SSSDConfig/__init__.py.in:354
- msgid "shadowMin attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:353
-+#: src/config/SSSDConfig/__init__.py.in:355
- msgid "shadowMax attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:354
-+#: src/config/SSSDConfig/__init__.py.in:356
- msgid "shadowWarning attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:355
-+#: src/config/SSSDConfig/__init__.py.in:357
- msgid "shadowInactive attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:356
-+#: src/config/SSSDConfig/__init__.py.in:358
- msgid "shadowExpire attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:357
-+#: src/config/SSSDConfig/__init__.py.in:359
- msgid "shadowFlag attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:358
-+#: src/config/SSSDConfig/__init__.py.in:360
- msgid "Attribute listing authorized PAM services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:359
-+#: src/config/SSSDConfig/__init__.py.in:361
- msgid "Attribute listing authorized server hosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:360
-+#: src/config/SSSDConfig/__init__.py.in:362
- msgid "Attribute listing authorized server rhosts"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:361
-+#: src/config/SSSDConfig/__init__.py.in:363
- msgid "krbLastPwdChange attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:362
-+#: src/config/SSSDConfig/__init__.py.in:364
- msgid "krbPasswordExpiration attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:363
-+#: src/config/SSSDConfig/__init__.py.in:365
- msgid "Attribute indicating that server side password policies are active"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:364
-+#: src/config/SSSDConfig/__init__.py.in:366
- msgid "accountExpires attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:365
-+#: src/config/SSSDConfig/__init__.py.in:367
- msgid "userAccountControl attribute of AD"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:366
-+#: src/config/SSSDConfig/__init__.py.in:368
- msgid "nsAccountLock attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:367
-+#: src/config/SSSDConfig/__init__.py.in:369
- msgid "loginDisabled attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:368
-+#: src/config/SSSDConfig/__init__.py.in:370
- msgid "loginExpirationTime attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:369
-+#: src/config/SSSDConfig/__init__.py.in:371
- msgid "loginAllowedTimeMap attribute of NDS"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:370
-+#: src/config/SSSDConfig/__init__.py.in:372
- msgid "SSH public key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:371
-+#: src/config/SSSDConfig/__init__.py.in:373
- msgid "attribute listing allowed authentication types for a user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:372
-+#: src/config/SSSDConfig/__init__.py.in:374
- msgid "attribute containing the X509 certificate of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:373
-+#: src/config/SSSDConfig/__init__.py.in:375
- msgid "attribute containing the email address of the user"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:375
-+#: src/config/SSSDConfig/__init__.py.in:377
- msgid "A list of extra attributes to download along with the user entry"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:377
-+#: src/config/SSSDConfig/__init__.py.in:379
- msgid "Base DN for group lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:380
-+#: src/config/SSSDConfig/__init__.py.in:382
- msgid "Objectclass for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:381
-+#: src/config/SSSDConfig/__init__.py.in:383
- msgid "Group name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:382
-+#: src/config/SSSDConfig/__init__.py.in:384
- msgid "Group password"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:383
-+#: src/config/SSSDConfig/__init__.py.in:385
- msgid "GID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:384
-+#: src/config/SSSDConfig/__init__.py.in:386
- msgid "Group member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:385
-+#: src/config/SSSDConfig/__init__.py.in:387
- msgid "Group UUID attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:387
-+#: src/config/SSSDConfig/__init__.py.in:389
- msgid "Modification time attribute for groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:388
-+#: src/config/SSSDConfig/__init__.py.in:390
- msgid "Type of the group and other flags"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:389
-+#: src/config/SSSDConfig/__init__.py.in:391
- msgid "The LDAP group external member attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:391
-+#: src/config/SSSDConfig/__init__.py.in:393
- msgid "Maximum nesting level SSSD will follow"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:393
-+#: src/config/SSSDConfig/__init__.py.in:395
- msgid "Base DN for netgroup lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:394
-+#: src/config/SSSDConfig/__init__.py.in:396
- msgid "Objectclass for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:395
-+#: src/config/SSSDConfig/__init__.py.in:397
- msgid "Netgroup name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:396
-+#: src/config/SSSDConfig/__init__.py.in:398
- msgid "Netgroups members attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:397
-+#: src/config/SSSDConfig/__init__.py.in:399
- msgid "Netgroup triple attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:398
-+#: src/config/SSSDConfig/__init__.py.in:400
- msgid "Modification time attribute for netgroups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:400
-+#: src/config/SSSDConfig/__init__.py.in:402
- msgid "Base DN for service lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:401
-+#: src/config/SSSDConfig/__init__.py.in:403
- msgid "Objectclass for services"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:402
-+#: src/config/SSSDConfig/__init__.py.in:404
- msgid "Service name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:403
-+#: src/config/SSSDConfig/__init__.py.in:405
- msgid "Service port attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:404
-+#: src/config/SSSDConfig/__init__.py.in:406
- msgid "Service protocol attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:407
-+#: src/config/SSSDConfig/__init__.py.in:409
- msgid "Lower bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:408
-+#: src/config/SSSDConfig/__init__.py.in:410
- msgid "Upper bound for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:409
-+#: src/config/SSSDConfig/__init__.py.in:411
- msgid "Number of IDs for each slice when ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:410
-+#: src/config/SSSDConfig/__init__.py.in:412
- msgid "Use autorid-compatible algorithm for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:411
-+#: src/config/SSSDConfig/__init__.py.in:413
- msgid "Name of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:412
-+#: src/config/SSSDConfig/__init__.py.in:414
- msgid "SID of the default domain for ID-mapping"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:413
-+#: src/config/SSSDConfig/__init__.py.in:415
- msgid "Number of secondary slices"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:415
-+#: src/config/SSSDConfig/__init__.py.in:417
- msgid "Whether to use Token-Groups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:416
-+#: src/config/SSSDConfig/__init__.py.in:418
- msgid "Set lower boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:417
-+#: src/config/SSSDConfig/__init__.py.in:419
- msgid "Set upper boundary for allowed IDs from the LDAP server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:418
-+#: src/config/SSSDConfig/__init__.py.in:420
- msgid "DN for ppolicy queries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:419
-+#: src/config/SSSDConfig/__init__.py.in:421
- msgid "How many maximum entries to fetch during a wildcard request"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:422
-+#: src/config/SSSDConfig/__init__.py.in:424
- msgid "Policy to evaluate the password expiration"
- msgstr "評估密碼過期時效的策略"
- 
--#: src/config/SSSDConfig/__init__.py.in:426
-+#: src/config/SSSDConfig/__init__.py.in:428
- msgid "Which attributes shall be used to evaluate if an account is expired"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:427
-+#: src/config/SSSDConfig/__init__.py.in:429
- msgid "Which rules should be used to evaluate access control"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:430
-+#: src/config/SSSDConfig/__init__.py.in:432
- msgid "URI of an LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:431
-+#: src/config/SSSDConfig/__init__.py.in:433
- msgid "URI of a backup LDAP server where password changes are allowed"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:432
-+#: src/config/SSSDConfig/__init__.py.in:434
- msgid "DNS service name for LDAP password change server"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:433
-+#: src/config/SSSDConfig/__init__.py.in:435
- msgid ""
- "Whether to update the ldap_user_shadow_last_change attribute after a "
- "password change"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:436
-+#: src/config/SSSDConfig/__init__.py.in:438
- msgid "Base DN for sudo rules lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:437
-+#: src/config/SSSDConfig/__init__.py.in:439
- msgid "Automatic full refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:438
-+#: src/config/SSSDConfig/__init__.py.in:440
- msgid "Automatic smart refresh period"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:439
-+#: src/config/SSSDConfig/__init__.py.in:441
- msgid "Whether to filter rules by hostname, IP addresses and network"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:440
-+#: src/config/SSSDConfig/__init__.py.in:442
- msgid ""
- "Hostnames and/or fully qualified domain names of this machine to filter sudo "
- "rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:441
-+#: src/config/SSSDConfig/__init__.py.in:443
- msgid "IPv4 or IPv6 addresses or network of this machine to filter sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:442
-+#: src/config/SSSDConfig/__init__.py.in:444
- msgid "Whether to include rules that contains netgroup in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:443
-+#: src/config/SSSDConfig/__init__.py.in:445
- msgid ""
- "Whether to include rules that contains regular expression in host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:444
-+#: src/config/SSSDConfig/__init__.py.in:446
- msgid "Object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:445
-+#: src/config/SSSDConfig/__init__.py.in:447
- msgid "Name of attribute that is used as object class for sudo rules"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:446
-+#: src/config/SSSDConfig/__init__.py.in:448
- msgid "Sudo rule name"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:447
-+#: src/config/SSSDConfig/__init__.py.in:449
- msgid "Sudo rule command attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:448
-+#: src/config/SSSDConfig/__init__.py.in:450
- msgid "Sudo rule host attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:449
-+#: src/config/SSSDConfig/__init__.py.in:451
- msgid "Sudo rule user attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:450
-+#: src/config/SSSDConfig/__init__.py.in:452
- msgid "Sudo rule option attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:451
-+#: src/config/SSSDConfig/__init__.py.in:453
- msgid "Sudo rule runas attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:452
-+#: src/config/SSSDConfig/__init__.py.in:454
- msgid "Sudo rule runasuser attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:453
-+#: src/config/SSSDConfig/__init__.py.in:455
- msgid "Sudo rule runasgroup attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:454
-+#: src/config/SSSDConfig/__init__.py.in:456
- msgid "Sudo rule notbefore attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:455
-+#: src/config/SSSDConfig/__init__.py.in:457
- msgid "Sudo rule notafter attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:456
-+#: src/config/SSSDConfig/__init__.py.in:458
- msgid "Sudo rule order attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:459
-+#: src/config/SSSDConfig/__init__.py.in:461
- msgid "Object class for automounter maps"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:460
-+#: src/config/SSSDConfig/__init__.py.in:462
- msgid "Automounter map name attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:461
-+#: src/config/SSSDConfig/__init__.py.in:463
- msgid "Object class for automounter map entries"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:462
-+#: src/config/SSSDConfig/__init__.py.in:464
- msgid "Automounter map entry key attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:463
-+#: src/config/SSSDConfig/__init__.py.in:465
- msgid "Automounter map entry value attribute"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:464
-+#: src/config/SSSDConfig/__init__.py.in:466
- msgid "Base DN for automounter map lookups"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:467
-+#: src/config/SSSDConfig/__init__.py.in:469
- msgid "Comma separated list of allowed users"
- msgstr "許可的使用者清單,請使用半形逗號作為分隔"
- 
--#: src/config/SSSDConfig/__init__.py.in:468
-+#: src/config/SSSDConfig/__init__.py.in:470
- msgid "Comma separated list of prohibited users"
- msgstr "被禁止的使用者清單,請使用半形逗號作為分隔"
- 
--#: src/config/SSSDConfig/__init__.py.in:471
-+#: src/config/SSSDConfig/__init__.py.in:473
- msgid "Default shell, /bin/bash"
- msgstr "預設 shell,/bin/bash"
- 
--#: src/config/SSSDConfig/__init__.py.in:472
-+#: src/config/SSSDConfig/__init__.py.in:474
- msgid "Base for home directories"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:475
-+#: src/config/SSSDConfig/__init__.py.in:477
- msgid "The number of preforked proxy children."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:478
-+#: src/config/SSSDConfig/__init__.py.in:480
- msgid "The name of the NSS library to use"
- msgstr "要使用的 NSS 函式庫名稱"
- 
--#: src/config/SSSDConfig/__init__.py.in:479
-+#: src/config/SSSDConfig/__init__.py.in:481
- msgid "Whether to look up canonical group name from cache if possible"
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:482
-+#: src/config/SSSDConfig/__init__.py.in:484
- msgid "PAM stack to use"
- msgstr "要使用的 PAM 堆疊"
- 
--#: src/config/SSSDConfig/__init__.py.in:485
-+#: src/config/SSSDConfig/__init__.py.in:487
- msgid "Path of passwd file sources."
- msgstr ""
- 
--#: src/config/SSSDConfig/__init__.py.in:486
-+#: src/config/SSSDConfig/__init__.py.in:488
- msgid "Path of group file sources."
- msgstr ""
- 
-diff --git a/src/man/po/br.po b/src/man/po/br.po
-index e6f1d4dc7..414322a17 100644
---- a/src/man/po/br.po
-+++ b/src/man/po/br.po
-@@ -6,9 +6,9 @@
- # Fulup <fulup.jakez@gmail.com>, 2012
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-14 11:51+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Breton (http://www.transifex.com/projects/p/sssd/language/"
-@@ -300,9 +300,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Dre ziouer : true"
-@@ -322,16 +322,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -360,7 +360,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
- 
-@@ -658,8 +658,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -768,10 +768,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Dre zoiuer : 5"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1741,7 +1739,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Dre ziouer : 0"
- 
-@@ -1805,7 +1803,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1870,8 +1868,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5040,34 +5038,53 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5075,14 +5092,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5090,17 +5107,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5110,12 +5127,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5123,17 +5140,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5141,7 +5171,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5152,7 +5182,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5161,7 +5191,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5169,26 +5199,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5196,7 +5226,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5204,7 +5234,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5212,41 +5242,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5255,32 +5285,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5288,24 +5318,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5313,17 +5343,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5334,24 +5364,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5362,12 +5392,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5380,7 +5410,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5392,17 +5422,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5410,49 +5440,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5460,28 +5490,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5493,7 +5523,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5501,7 +5531,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5509,39 +5539,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5551,7 +5581,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5559,26 +5589,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5586,7 +5616,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5594,31 +5624,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5627,56 +5657,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5692,12 +5722,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5706,14 +5736,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5722,24 +5752,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5747,19 +5777,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5768,7 +5798,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5776,7 +5806,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5785,7 +5815,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5793,22 +5823,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5818,14 +5848,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5838,12 +5868,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5853,7 +5883,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5863,63 +5893,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5928,74 +5958,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6006,7 +6036,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6014,24 +6044,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6048,12 +6078,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6061,36 +6091,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6098,14 +6128,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6115,101 +6145,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6218,59 +6248,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6279,22 +6309,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6303,14 +6333,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6318,7 +6348,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6331,27 +6361,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6367,13 +6397,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7903,7 +7933,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7918,7 +7948,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7933,12 +7963,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7959,12 +7989,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7988,17 +8018,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8006,7 +8036,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8033,7 +8063,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8046,12 +8076,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8070,60 +8100,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8237,26 +8267,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9696,9 +9726,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9708,19 +9754,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9730,12 +9776,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9743,7 +9789,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9758,7 +9804,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9767,7 +9813,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9775,7 +9821,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9785,7 +9831,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13904,10 +13950,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 64"
--msgstr "Dre ziouer : 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13923,10 +13967,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 65536"
--msgstr "Dre ziouer : 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15429,10 +15471,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "RANNOÙ SERVIJOÙ"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-diff --git a/src/man/po/ca.po b/src/man/po/ca.po
-index adf6edf19..e2dfb3ef8 100644
---- a/src/man/po/ca.po
-+++ b/src/man/po/ca.po
-@@ -12,9 +12,9 @@
- # Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>, 2015. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2015-10-18 04:13+0000\n"
- "Last-Translator: Robert Antoni Buj Gelonch <rbuj@fedoraproject.org>\n"
- "Language-Team: Catalan (http://www.transifex.com/projects/p/sssd/language/"
-@@ -334,9 +334,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Per defecte: true"
-@@ -359,16 +359,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Per defecte: false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -397,7 +397,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Per defecte: 10"
- 
-@@ -592,10 +592,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (booleà)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -611,21 +609,11 @@ msgstr "try_inotify (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"L'SSSD monitora l'estat del resolv.conf per identificar quan cal actualitzar "
--"el seu traductor intern de DNS. Per defecte, s'intentarà utilitzar inotify "
--"per a això i recaurà en sondejar el resolv.conf cada cinc segons si no es "
--"pot utilitzar l'inotify."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -735,13 +723,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -752,15 +733,10 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Tingueu en compte que si s'estableix aquesta opció per a tots els usuaris "
--"des del domini principal, s'han d'utilitzar el seu FQN, p. ex. usuari@nom."
--"domini, per iniciar la sessió. En establir aquesta opció es canvia el "
--"predeterminat d'use_fully_qualified_names a True. No està permès l'ús "
--"d'aquesta opció juntament amb use_fully_qualified_names establert a False."
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -869,10 +845,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Per defecte: 5"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1911,7 +1885,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Per defecte: 0"
- 
-@@ -1975,7 +1949,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Per defecte: none"
- 
-@@ -2040,8 +2014,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Per defecte: False"
-@@ -2363,10 +2337,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (cadena)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2387,10 +2359,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Per defecte: sense establir (no se substituiran els espais)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5378,34 +5348,55 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Per defecte: 900 (15 minuts)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (enter)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (enter)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Per defecte: 1000"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5413,14 +5404,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5428,17 +5419,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5448,12 +5439,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (enter)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5461,17 +5452,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (enter)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (enter)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5479,7 +5485,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5490,7 +5496,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5499,7 +5505,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5507,12 +5513,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -5522,7 +5528,7 @@ msgstr ""
- "valors següents:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5531,7 +5537,7 @@ msgstr ""
- "certificat del servidor."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5543,7 +5549,7 @@ msgstr ""
- "normalment."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5554,7 +5560,7 @@ msgstr ""
- "proporciona un certificat dolent, immediatament s'acaba la sessió."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5565,22 +5571,22 @@ msgstr ""
- "immediatament s'acaba la sessió."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Per defecte: hard"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -5589,7 +5595,7 @@ msgstr ""
- "Certificació que reconeixerà l'<command>sssd</command>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -5598,12 +5604,12 @@ msgstr ""
- "<filename>/etc/openldap/ldap.conf</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5617,32 +5623,32 @@ msgstr ""
- "correctes."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5650,12 +5656,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -5664,12 +5670,12 @@ msgstr ""
- "class=\"protocol\">tls</systemitem> per a protegir el canal."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5677,17 +5683,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5698,24 +5704,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5726,12 +5732,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5744,7 +5750,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5756,17 +5762,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5774,51 +5780,51 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Per defecte: el valor de krb5_realm."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Per defecte: false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Per defecte: Fitxer keytab de sistema, normalment <filename>/etc/krb5."
- "keytab</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5826,28 +5832,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (enter)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Per defecte: 86400 (24 hores)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5859,7 +5865,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5870,7 +5876,7 @@ msgstr ""
- "retorna a _tcp si no se'n troba cap."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5882,41 +5888,41 @@ msgstr ""
- "<quote>krb5_server</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Per defecte: Paràmetres predeterminats del sistema, vegeu <filename>/etc/"
- "krb5.conf</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5926,7 +5932,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5934,12 +5940,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -5948,7 +5954,7 @@ msgstr ""
- "costat del client. S'admeten els valors següents:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -5957,7 +5963,7 @@ msgstr ""
- "opció no inhabilita les polítiques de contrasenya de servidor."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5965,7 +5971,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5977,25 +5983,25 @@ msgstr ""
- "contrasenya."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- "Especifica si el seguiment automàtic del referenciador s'hauria d'habilitar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6004,7 +6010,7 @@ msgstr ""
- "quan es compila amb la versió 2.4.13 o superiors d'OpenLDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6013,29 +6019,29 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Especifica el nom de servei per utilitzar quan està habilitada la detecció "
- "de serveis."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Per defecte: ldap"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6045,30 +6051,30 @@ msgstr ""
- "dels serveis."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- "Defecte: no definit, és a dir, el descobriment de serveis està inhabilitat"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -6084,12 +6090,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Exemple:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -6098,14 +6104,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -6114,17 +6120,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Per defecte: Buit"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -6133,7 +6139,7 @@ msgstr ""
- "d'atributs de control d'accés."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -6145,12 +6151,12 @@ msgstr ""
- "contrasenya és correcta."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "S'admeten els valors següents:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -6159,7 +6165,7 @@ msgstr ""
- "determinar si el compte ha caducat."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -6168,7 +6174,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -6176,7 +6182,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -6185,7 +6191,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -6193,24 +6199,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- "Llista separada per comes d'opcions de control d'accés. Els valors permesos "
- "són:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: utilitza ldap_access_filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6220,14 +6226,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6240,12 +6246,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: utilitza ldap_account_expire_policy"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -6255,7 +6261,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -6265,20 +6271,20 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -6287,31 +6293,31 @@ msgstr ""
- "authorizedService per determinar l'accés"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Per defecte: filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -6320,12 +6326,12 @@ msgstr ""
- "s'utilitza més d'una vegada."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -6334,22 +6340,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Exemple: cn=ppolicy,ou=policies,dc=exemple,dc=com"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr "Per defecte: cn=ppolicy,ou=policies,$ldap_search_base"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -6358,13 +6364,13 @@ msgstr ""
- "es fa una cerca. S'admeten les opcions següents:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- "<emphasis>never</emphasis>: les referències dels àlies mai són eliminades."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -6374,7 +6380,7 @@ msgstr ""
- "de la cerca."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -6383,7 +6389,7 @@ msgstr ""
- "només en localitzar l'objecte base de la cerca."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -6392,7 +6398,7 @@ msgstr ""
- "en la recerca i en la localització de l'objecte base de la cerca."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -6401,19 +6407,19 @@ msgstr ""
- "biblioteques de client LDAP)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6424,7 +6430,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6432,36 +6438,29 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -6471,20 +6470,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page.  <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Totes les opcions comunes de configuració que s'apliquen als dominis SSD "
--"també s'apliquen als dominis LDAP. Referiu-vos a la secció <quote>SECCIONS "
--"DE DOMINI</quote> de la pàgina de manual de <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry> per a tots els detalls.  <placeholder type=\"variablelist\" id="
--"\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "OPCIONS DE SUDO"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6492,36 +6485,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (enter)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Per defecte: 21600 (6 hores)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (enter)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6529,14 +6522,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6546,101 +6539,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6649,59 +6642,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "OPCIONS D'AUTOFS"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Per defecte: auto.master"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "OPCIONS AVANÇADES"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6710,22 +6703,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6734,14 +6727,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EXEMPLE"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6752,7 +6745,7 @@ msgstr ""
- "replaceable>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6765,27 +6758,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6801,13 +6794,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTES"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -8451,7 +8444,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (booleà)"
- 
-@@ -8466,7 +8459,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -8481,12 +8474,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (enter)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8507,12 +8500,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8536,17 +8529,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8554,7 +8547,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8581,7 +8574,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (enter)"
- 
-@@ -8594,12 +8587,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8618,60 +8611,60 @@ msgid "Default: False (disabled)"
- msgstr "Per defecte: False (inhabilitat)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (booleà)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8785,26 +8778,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr "krb5_confd_path (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -10268,9 +10261,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (booleà)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -10280,19 +10291,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Per defecte: 3600 (segons)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -10302,12 +10313,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Per defecte: True"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -10315,7 +10326,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -10339,7 +10350,7 @@ msgstr ""
- "ad_domain = exemple.com\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -10351,7 +10362,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -10359,7 +10370,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -10369,7 +10380,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -10897,16 +10908,10 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
--#| "applications will not use the fast in memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"Si la variable d'entorn SSS_NSS_USE_MEMCACHE està establerta a \"NO\", les "
--"aplicacions clients no utilitzaran el fast en la memòria cau."
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -11998,20 +12003,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
--#| "<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> for more information on configuring Kerberos."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"<quote>krb5</quote> per canviar la contrasenya Kerberos. Vegeu "
--"<citerefentry><refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
--"manvolnum></citerefentry> per a més informació sobre configurar Kerberos."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -14753,26 +14750,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the IPA provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"En aquesta pàgina del manual es descriu la configuració del proveïdor IPA "
--"per a <citerefentry><refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--"manvolnum></citerefentry>.  Per una referència detallada sintaxi, aneu a la "
--"secció de <quote>FORMAT DE FITXER</quote> de la pàgina del manual "
--"<citerefentry>d'<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--"manvolnum></citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -14801,10 +14784,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (enter)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -14818,10 +14799,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id, max_id (enter)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -14832,17 +14811,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Per defecte: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (enter)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -14853,10 +14828,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Per defecte: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15057,17 +15030,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "user_attributes = +telephoneNumber, -loginShell\n"
--#| "                        "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- "                        "
- msgstr ""
--"user_attributes = +telephoneNumber, -loginShell\n"
--"                        "
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
-@@ -15336,10 +15304,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (cadena)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -15358,28 +15324,16 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "Proveïdor de LDAP de l'SSSD"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -15387,12 +15341,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"En aquesta pàgina del manual es descriu la configuració de dominis LDAP per "
--"a <citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--"manvolnum> </citerefentry>. Consulteu la secció <quote>FORMAT DE FITXER</"
--"quote> de la pàgina del manual <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> per obtenir "
--"informació detallada de la sintaxi."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -16210,10 +16158,8 @@ msgstr "ldap_group_modify_timestamp (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (cadena)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -16428,10 +16374,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "SECCIONS DELS SERVEIS"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -16665,10 +16609,8 @@ msgstr "Per defecte: sudoOrder"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "OPCIONS D'AUTOFS"
-+msgstr ""
- 
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -16917,10 +16859,8 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (enter)"
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -18005,9 +17945,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Per defecte: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (enter)"
-diff --git a/src/man/po/cs.po b/src/man/po/cs.po
-index 4642fe99e..086df21c0 100644
---- a/src/man/po/cs.po
-+++ b/src/man/po/cs.po
-@@ -8,9 +8,9 @@
- # Pavel Borecki <pavel.borecki@gmail.com>, 2019. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2019-06-21 02:15+0000\n"
- "Last-Translator: Pavel Borecki <pavel.borecki@gmail.com>\n"
- "Language-Team: Czech (http://www.transifex.com/projects/p/sssd/language/"
-@@ -298,9 +298,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -320,16 +320,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -358,7 +358,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
- 
-@@ -656,8 +656,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -766,10 +766,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 200000"
- msgid "Default: sha256"
--msgstr "Výchozí: 200000"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1739,7 +1737,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1803,7 +1801,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1868,8 +1866,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5040,34 +5038,55 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_idmap_range_size (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_idmap_range_size (celé číslo)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5075,14 +5094,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5090,17 +5109,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5110,12 +5129,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5123,17 +5142,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_idmap_range_max (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_idmap_range_max (celé číslo)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5141,7 +5175,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5152,7 +5186,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5161,7 +5195,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5169,26 +5203,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5196,7 +5230,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5204,7 +5238,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5212,41 +5246,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5255,32 +5289,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5288,24 +5322,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5313,17 +5347,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5334,24 +5368,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5362,12 +5396,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5380,7 +5414,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5392,17 +5426,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5410,49 +5444,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5460,28 +5494,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5493,7 +5527,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5501,7 +5535,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5509,39 +5543,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5551,7 +5585,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5559,26 +5593,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5586,7 +5620,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5594,31 +5628,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5627,56 +5661,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5692,12 +5726,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5706,14 +5740,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5722,24 +5756,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5747,19 +5781,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5768,7 +5802,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5776,7 +5810,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5785,7 +5819,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5793,22 +5827,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5818,14 +5852,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5838,12 +5872,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5853,7 +5887,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5863,63 +5897,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5928,74 +5962,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6006,7 +6040,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6014,24 +6048,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6048,12 +6082,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6061,36 +6095,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6098,14 +6132,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6115,101 +6149,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6218,59 +6252,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6279,22 +6313,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6303,14 +6337,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6318,7 +6352,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6331,27 +6365,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6367,13 +6401,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7908,7 +7942,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7923,7 +7957,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7938,12 +7972,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7964,12 +7998,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7993,17 +8027,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8011,7 +8045,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8038,7 +8072,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8051,12 +8085,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8075,60 +8109,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8242,26 +8276,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9701,9 +9735,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9713,19 +9763,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9735,12 +9785,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9748,7 +9798,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9763,7 +9813,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9772,7 +9822,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9780,7 +9830,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9790,7 +9840,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13887,10 +13937,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "ldap_idmap_range_size (integer)"
- msgid "max_ccaches (integer)"
--msgstr "ldap_idmap_range_size (celé číslo)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13904,10 +13952,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "ldap_idmap_range_size (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "ldap_idmap_range_size (celé číslo)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -13918,17 +13964,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 200000"
- msgid "Default: 64"
--msgstr "Výchozí: 200000"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_idmap_range_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_idmap_range_size (celé číslo)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -13939,10 +13981,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 200000"
- msgid "Default: 65536"
--msgstr "Výchozí: 200000"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -14131,10 +14171,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:176
--#, fuzzy
--#| msgid "probe sdap_search_send"
- msgid "probe sdap_parse_entry"
--msgstr "vyzkouší sdap_search_send"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:179
-@@ -14154,10 +14192,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
--#, fuzzy
--#| msgid "probe dp_req_done"
- msgid "probe sdap_parse_entry_done"
--msgstr "probe dp_req_done"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:193
-@@ -15236,10 +15272,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "simple_deny_groups (string)"
- msgid "ldap_group_type (string)"
--msgstr "simple_deny_groups (řetězec)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -15938,10 +15972,8 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout"
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-diff --git a/src/man/po/de.po b/src/man/po/de.po
-index cb8d12f78..6e65e6abc 100644
---- a/src/man/po/de.po
-+++ b/src/man/po/de.po
-@@ -8,9 +8,9 @@
- # Mario Blättermann <mario.blaettermann@gmail.com>, 2014
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-14 11:53+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
-@@ -324,9 +324,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Voreinstellung: »true«"
-@@ -346,16 +346,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Voreinstellung: »false«"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -384,7 +384,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Voreinstellung: 10"
- 
-@@ -582,10 +582,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (Boolesch)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -601,22 +599,11 @@ msgstr "try_inotify (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD überwacht den Status der »resolv.conf«, um festzustellen, wann es "
--"seinen internen DNS-Resolver aktualisieren muss. Standardmäßig werden wir "
--"versuchen, dafür Inotify zu benutzen. Falls Inotify nicht benutzt werden "
--"kann, werden wir darauf zurückgreifen, alle fünf Sekunden »resolv.conf« "
--"abzufragen."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -738,8 +725,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -848,10 +835,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Voreinstellung: 5"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1929,7 +1914,7 @@ msgstr ""
- "emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Voreinstellung: 0"
- 
-@@ -1993,7 +1978,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Voreinstellung: none"
- 
-@@ -2058,8 +2043,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Voreinstellung: False"
-@@ -2392,10 +2377,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_extra_attrs (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_extra_attrs (Zeichenkette)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2416,10 +2399,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set, i.e. FAST is not used."
- msgid "Default: not set, all found rules are used"
--msgstr "Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5638,17 +5619,38 @@ msgstr ""
- "Lebensdauer) verwendet."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Voreinstellung: 900 (15 Minuten)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (Ganzzahl)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (Ganzzahl)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -5658,17 +5660,17 @@ msgstr ""
- "pro Anfrage."
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Voreinstellung: 1000"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5680,7 +5682,7 @@ msgstr ""
- "deaktiviert ist oder sich nicht ordnungsgemäß verhält."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -5690,7 +5692,7 @@ msgstr ""
- "aber nicht in der Lage, es zu benutzen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5702,17 +5704,17 @@ msgstr ""
- "abgelehnt werden."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "deaktiviert die Bereichsabfrage von Active Directory"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5728,12 +5730,12 @@ msgstr ""
- "es so aussehen, als ob große Gruppen keine Mitglieder hätten."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (Ganzzahl)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5744,19 +5746,42 @@ msgstr ""
- "Werte dieser Option werden durch OpenLDAP definiert."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- "Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in "
- "»ldap.conf« angegeben)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (Ganzzahl)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Wenn mittels SASL mit einem LDAP-Server kommuniziert wird, gibt dies die "
-+"mindestens nötige Sicherheitsstufe zum Herstellen der Verbindung an. Die "
-+"Werte dieser Option werden durch OpenLDAP definiert."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (Ganzzahl)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5768,7 +5793,7 @@ msgstr ""
- "nachgeschlagen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5779,7 +5804,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5792,7 +5817,7 @@ msgstr ""
- "unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5803,12 +5828,12 @@ msgstr ""
- "Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -5818,7 +5843,7 @@ msgstr ""
- "Werte angegeben werden:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5827,7 +5852,7 @@ msgstr ""
- "oder anfordern."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5839,7 +5864,7 @@ msgstr ""
- "Sitzung fährt normal fort."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5850,7 +5875,7 @@ msgstr ""
- "ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5861,22 +5886,22 @@ msgstr ""
- "sofort beendet."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = entspricht »demand«"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Voreinstellung: hard"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -5885,7 +5910,7 @@ msgstr ""
- "die <command>sssd</command> erkennen wird."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -5894,12 +5919,12 @@ msgstr ""
- "<filename>/etc/openldap/ldap.conf</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5913,33 +5938,33 @@ msgstr ""
- "Erstellen der korrekten Namen verwendet werden."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- "gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5947,12 +5972,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -5961,12 +5986,12 @@ msgstr ""
- "\">tls</systemitem> benutzen muss, um den Kanal abzusichern."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5978,19 +6003,19 @@ msgstr ""
- "verlassen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-"
- "Directory-ObjectSIDs."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6009,24 +6034,24 @@ msgstr ""
- "Abbildung von IDs wählen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6037,12 +6062,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6055,7 +6080,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6067,17 +6092,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Voreinstellung Rechner/MeinRechner@BEREICH"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -6088,17 +6113,17 @@ msgstr ""
- "»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Voreinstellung: der Wert von »krb5_realm«"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6108,34 +6133,34 @@ msgstr ""
- "Bind in eine kanonische Form zu bringen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Voreinstellung: false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5."
- "keytab</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6143,28 +6168,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Voreinstellung: 86400 (24 Stunden)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6183,7 +6208,7 @@ msgstr ""
- "Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6194,7 +6219,7 @@ msgstr ""
- "Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6206,29 +6231,29 @@ msgstr ""
- "migrieren."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</"
- "filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6238,12 +6263,12 @@ msgstr ""
- "Kerberos >= 1.7 verfügbar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -6259,7 +6284,7 @@ msgstr ""
- "manvolnum> </citerefentry> einrichten."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -6270,12 +6295,12 @@ msgstr ""
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -6284,7 +6309,7 @@ msgstr ""
- "Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -6293,7 +6318,7 @@ msgstr ""
- "kann keine Server-seitigen Passwortregelwerke deaktivieren."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -6304,7 +6329,7 @@ msgstr ""
- "manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -6316,7 +6341,7 @@ msgstr ""
- "Passwort geändert wurde."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -6326,17 +6351,17 @@ msgstr ""
- "festgelegten Regel."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6345,7 +6370,7 @@ msgstr ""
- "mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6359,28 +6384,28 @@ msgstr ""
- "merkliche Leistungsverbesserung bringen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Voreinstellung: ldap"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6389,17 +6414,17 @@ msgstr ""
- "soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -6408,12 +6433,12 @@ msgstr ""
- "Passwortänderung mit Unix-Zeit geändert wird."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -6443,12 +6468,12 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Beispiel:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -6460,7 +6485,7 @@ msgstr ""
- "                        "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -6469,7 +6494,7 @@ msgstr ""
- "beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -6478,17 +6503,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Voreinstellung: leer"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -6497,7 +6522,7 @@ msgstr ""
- "Zugriffssteuerungsattribute aktiviert werden."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -6508,12 +6533,12 @@ msgstr ""
- "einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Die folgenden Werte sind erlaubt:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -6522,7 +6547,7 @@ msgstr ""
- "»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -6535,7 +6560,7 @@ msgstr ""
- "gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -6546,7 +6571,7 @@ msgstr ""
- "Zugriff erlaubt wird oder nicht."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -6559,7 +6584,7 @@ msgstr ""
- "Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -6570,24 +6595,24 @@ msgstr ""
- "»ldap_account_expire_policy« funktioniert."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- "durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte "
- "sind erlaubt:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6597,14 +6622,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6617,12 +6642,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -6632,7 +6657,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -6642,20 +6667,20 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -6664,33 +6689,33 @@ msgstr ""
- "»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
- "ob Zugriff gewährt wird."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Voreinstellung: filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -6699,12 +6724,12 @@ msgstr ""
- "mehr als einmal benutzt wird."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -6713,22 +6738,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -6737,12 +6762,12 @@ msgstr ""
- "folgenden Optionen sind erlaubt:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -6752,7 +6777,7 @@ msgstr ""
- "Suche."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -6761,7 +6786,7 @@ msgstr ""
- "der Suche dereferenziert."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -6770,7 +6795,7 @@ msgstr ""
- "Orten des Basisobjekts der Suche dereferenziert."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -6779,12 +6804,12 @@ msgstr ""
- "<emphasis>never</emphasis> gehandhabt.)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -6793,7 +6818,7 @@ msgstr ""
- "beizubehalten, die das Schema RFC2307 benutzen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6811,7 +6836,7 @@ msgstr ""
- "getpw*() oder initgroups() abzurufen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6822,36 +6847,29 @@ msgstr ""
- "die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -6861,19 +6879,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page.  <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten "
--"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt "
--"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder "
--"type=\"variablelist\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "SUDO-OPTIONEN"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6884,12 +6897,12 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -6899,7 +6912,7 @@ msgstr ""
- "heruntergeladen werden)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -6908,17 +6921,17 @@ msgstr ""
- "emphasis> sein."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Voreinstellung: 21600 (6 Stunden)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6926,7 +6939,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -6935,7 +6948,7 @@ msgstr ""
- "das Attribut »modifyTimestamp« benutzt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6945,12 +6958,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -6960,12 +6973,12 @@ msgstr ""
- "Netzwerkadressen und Rechnernamen)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -6974,7 +6987,7 @@ msgstr ""
- "Domain-Namen, die zum Filtern der Regeln benutzt werden sollen"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -6983,8 +6996,8 @@ msgstr ""
- "voll qualifizierten Domain-Namen automatisch herauszufinden."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -6993,17 +7006,17 @@ msgstr ""
- "emphasis> ist, hat diese Option keine Auswirkungen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Voreinstellung: nicht angegeben"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7012,7 +7025,7 @@ msgstr ""
- "Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7021,12 +7034,12 @@ msgstr ""
- "herauszufinden."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7035,12 +7048,12 @@ msgstr ""
- "eine Netzgruppe im Attribut »sudoHost« enthält."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7049,14 +7062,14 @@ msgstr ""
- "einen Platzhalter im Attribut »sudoHost« enthält."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7069,59 +7082,59 @@ msgstr ""
- "manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "AUTOFS-OPTIONEN"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "Der Name der Automount-Master-Abbildung in LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Voreinstellung: auto.master"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "ERWEITERTE OPTIONEN"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7130,22 +7143,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7154,14 +7167,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "BEISPIEL"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7172,7 +7185,7 @@ msgstr ""
- "gesetzt ist."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7185,27 +7198,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7221,13 +7234,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "ANMERKUNGEN"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -8879,7 +8892,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (Boolesch)"
- 
-@@ -8894,7 +8907,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -8916,12 +8929,12 @@ msgstr ""
- "Konfigurationsdatei migrieren."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (Ganzzahl)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8950,12 +8963,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Voreinstellung: 1200 (Sekunden)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8983,17 +8996,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -9001,7 +9014,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -9036,7 +9049,7 @@ msgstr ""
- "gefundenen als Sicherungsserver."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (Ganzzahl)"
- 
-@@ -9052,12 +9065,12 @@ msgstr ""
- "Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -9082,12 +9095,12 @@ msgid "Default: False (disabled)"
- msgstr "Voreinstellung: False (deaktiviert)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (Boolesch)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -9096,48 +9109,48 @@ msgstr ""
- "DNS-Server verwenden soll"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -9264,26 +9277,26 @@ msgstr ""
- "zu verwenden."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -10198,20 +10211,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:359
--#, fuzzy
--#| msgid ""
--#| "GPO-based access control functionality uses GPO policy settings to "
--#| "determine whether or not a particular user is allowed to logon to a "
--#| "particular host."
- msgid ""
- "GPO-based access control functionality uses GPO policy settings to determine "
- "whether or not a particular user is allowed to logon to the host.  For more "
- "information on the supported policy settings please refer to the "
- "<quote>ad_gpo_map</quote> options."
- msgstr ""
--"Die GPO-basierte Zugriffskontrolle verwendet gesetzte GPO-Regeln, um zu "
--"ermitteln, ob sich ein bestimmter Benutzer an einem bestimmten Rechner "
--"anmelden darf."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:367
-@@ -10266,16 +10271,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:417
--#, fuzzy
--#| msgid ""
--#| "NOTE: If the operation mode is set to enforcing, it is possible that "
--#| "users that were previously allowed logon access will now be denied logon "
--#| "access (as dictated by the GPO policy settings). In order to facilitate a "
--#| "smooth transition for administrators, a permissive mode is available that "
--#| "will not enforce the access control rules, but will evaluate them and "
--#| "will output a syslog message if access would have been denied. By "
--#| "examining the logs, administrators can then make the necessary changes "
--#| "before setting the mode to enforcing."
- msgid ""
- "NOTE: If the operation mode is set to enforcing, it is possible that users "
- "that were previously allowed logon access will now be denied logon access "
-@@ -10288,16 +10283,6 @@ msgid ""
- "functions' is required (see <citerefentry> <refentrytitle>sssctl</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)."
- msgstr ""
--"ACHTUNG: Wird der Operationsmodus auf »enforcing« gesetzt, dann ist es "
--"möglich, dass Benutzern, denen früher bereits einmal Zugriff gewährt wurde, "
--"ihnen dieser nun verweigert wird (sofern dies von den GPO-Regeln "
--"vorgeschrieben wird). Um Administratoren einen weichen Übergang zu "
--"ermöglichen, ist der Modus »permissive« verfügbar, der die Umsetzung der "
--"Zugriffskontrollregeln nicht erzwingt. Diese werden lediglich ausgewertet "
--"und eine Meldung geht an das Systemprotokoll, falls tatsächlich der Zugriff "
--"verweigert werden würde. Nach dem Untersuchen der Protokolle können "
--"Administratoren nun die nötigen Änderungen vornehmen, bevor der Modus auf "
--"»enforcing« gesetzt wird."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:436
-@@ -10849,9 +10834,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (Boolesch)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -10868,19 +10871,19 @@ msgstr ""
- "»dyndns_iface« angegeben wurde."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Voreinstellung: 3600 (Sekunden)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -10890,12 +10893,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Voreinstellung: True"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -10907,7 +10910,7 @@ msgstr ""
- "Optionen von AD."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -10931,7 +10934,7 @@ msgstr ""
- "ad_domain = example.com\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -10943,7 +10946,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -10954,7 +10957,7 @@ msgstr ""
- "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -10964,7 +10967,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -11553,17 +11556,10 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
--#| "applications will not use the fast in memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, "
--"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher "
--"nicht."
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -12779,20 +12775,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for "
--#| "more information on the locator plugin."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"Weitere Informationen über die Locator-Erweiterung finden Sie auf der "
--"Handbuchseite <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -15539,25 +15527,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the AD provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
--"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -15586,10 +15561,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (Ganzzahl)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -15603,10 +15576,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id,max_id (Ganzzahl)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -15617,17 +15588,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Voreinstellung: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (Ganzzahl)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -15638,10 +15605,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Voreinstellung: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15842,17 +15807,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "user_attributes = +telephoneNumber, -loginShell\n"
--#| "                        "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- "                        "
- msgstr ""
--"user_attributes = +telephoneNumber, -loginShell\n"
--"                        "
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
-@@ -16121,10 +16081,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (Zeichenkette)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -16143,28 +16101,16 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "SSSD LDAP-Anbieter"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -16172,11 +16118,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"Diese Handbuchseite beschreibt die Konfiguration von LDAP-Domains für "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Detaillierte Syntax-Informationen finden Sie im Abschnitt "
--"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -17043,10 +16984,8 @@ msgstr "ldap_group_modify_timestamp (Zeichenkette)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (Zeichenkette)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -17271,10 +17210,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "DIENSTABSCHNITTE"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -17522,10 +17459,8 @@ msgstr "Voreinstellung: sudoOrder"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "AUTOFS-OPTIONEN"
-+msgstr ""
- 
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -17825,10 +17760,8 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (Ganzzahl)"
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -19037,20 +18970,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Voreinstellung: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (Ganzzahl)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
-diff --git a/src/man/po/es.po b/src/man/po/es.po
-index f32f5fbae..3f20f2a0d 100644
---- a/src/man/po/es.po
-+++ b/src/man/po/es.po
-@@ -13,12 +13,13 @@
- # Daniel Cabrera <logan@fedoraproject.org>, 2011
- # Emilio Herrera <ehespinosa57@gmail.com>, 2018. #zanata
- # Emilio Herrera <ehespinosa57@gmail.com>, 2019. #zanata
-+# Emilio Herrera <ehespinosa57@gmail.com>, 2020. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
--"PO-Revision-Date: 2019-11-16 03:52+0000\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
-+"PO-Revision-Date: 2020-01-30 03:01+0000\n"
- "Last-Translator: Emilio Herrera <ehespinosa57@gmail.com>\n"
- "Language-Team: Spanish (http://www.transifex.com/projects/p/sssd/language/"
- "es/)\n"
-@@ -364,9 +365,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Predeterminado: true"
-@@ -389,16 +390,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Predeterminado: false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -430,7 +431,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Predeterminado: 10"
- 
-@@ -643,10 +644,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (booleano)"
-+msgstr "monitor_resolv_conf (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -654,6 +653,8 @@ msgid ""
- "Controls if SSSD should monitor the state of resolv.conf to identify when it "
- "needs to update its internal DNS resolver."
- msgstr ""
-+"Controla si SSSD monitorizaría el estado de resolv.conf para identificar "
-+"cuando necesita actualizar su interfaz de resolución DNS interno."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:335
-@@ -662,21 +663,14 @@ msgstr "try_inotify (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD monitorea el estado de resolv.conf para saber cuando es necesario "
--"actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para "
--"ello la herramienta inotify, quien consultará a resolv.conf cada cinco "
--"segundos en caso que inotify no pueda ser utilizado."
-+"Por defecto, SSSD intentará usar inotify para monitorizar cambios en los "
-+"ficheros de configuración y volverá a sondear cada cinco segundos si inotify "
-+"no puede ser usado."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -796,13 +790,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -813,15 +800,19 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Por favor advierta que si se ajusta esta opción todos los usuarios del "
--"domino primario tiene que usar su nombre totalmente cualificado, e.g. "
--"user@domain.name, para acceder. Fijando esta opción cambia el predeterminado "
--"de use_fully_qualified_names a True. No está permitido usar esta opción unto "
--"con use_fully_qualified_names fijado a False."
-+"Por favor advierta que si esta opción está establecida todos los usuarios "
-+"del dominio primario tienen que usar su nombre totalmente cualificado, e.g. "
-+"user@domain.name, para acceder. El establecimiento de esta opción cambia el "
-+"comportamiento predeterminado de use_fully_qualified_names a True. No está "
-+"permitido el uso de esta opción junto con use_fully_qualified_names "
-+"establecido a False. Una excepción de esta regla son los dominios con "
-+"<quote>id_provider=files</quote> que siempre intentan igualar el "
-+"comportamiento de nss_files y por lo tanto su salida es no cualificada aún "
-+"cuando se use la opción default_domain_suffix."
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -892,15 +883,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:483
--#, fuzzy
--#| msgid "no_ocsp"
- msgid "soft_ocsp"
--msgstr "no_ocsp"
-+msgstr "soft_ocsp"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:485 sssd.conf.5.xml:585
- msgid "(NSS Version) This option is ignored."
--msgstr ""
-+msgstr "(Versión NSS) Esta opción es ignorada."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:488
-@@ -910,11 +899,15 @@ msgid ""
- "authentication when the system is offline and the OCSP responder cannot be "
- "reached."
- msgstr ""
-+"(Versión OpenSSL) S no se puede establecer una conexión con un contestador "
-+"OCSP la comprobación OCSP es saltada. Esta opción debería ser usada para "
-+"permitir la autenticación cuando el sistema no está en línea y el "
-+"contestador OCSP no puede ser alcanzado."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:498
- msgid "ocsp_dgst"
--msgstr ""
-+msgstr "ocsp_dgst"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:500
-@@ -922,39 +915,41 @@ msgid ""
- "Digest (hash) function used to create the certificate ID for the OCSP "
- "request. Allowed values are:"
- msgstr ""
-+"Función resumen (picadillo) usada para crear la ID del certificado para la "
-+"petición OCSP. Los valores permitidos son:"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:504
- msgid "sha1"
--msgstr ""
-+msgstr "sha1"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:505
- msgid "sha256"
--msgstr ""
-+msgstr "sha256"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:506
- msgid "sha384"
--msgstr ""
-+msgstr "sha384"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:507
- msgid "sha512"
--msgstr ""
-+msgstr "sha512"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Predeterminado: 5"
-+msgstr "Predeterminado: sha256"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
- msgid ""
- "(NSS Version) This option is ignored, because NSS uses sha1 unconditionally."
- msgstr ""
-+"(Versión NSS) Esta opción es ignorada, porque NSS usa sha1 "
-+"incondicionalmente."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:518
-@@ -1060,7 +1055,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:583
- msgid "soft_crl"
--msgstr ""
-+msgstr "soft_crl"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:588
-@@ -1070,6 +1065,10 @@ msgid ""
- "allow authentication when the system is offline and the CRL cannot be "
- "renewed."
- msgstr ""
-+"(Versión OpenSSL) Si una Lista de Revocación de Certificado (CRL) expira "
-+"ignora las comprobaciones CRL para los certificados relacionados. Esta "
-+"opción debería ser usada para permitir la autenticación cuando el sistema "
-+"está fuera de linea y la CRL no puede ser renovada."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:468
-@@ -2137,7 +2136,7 @@ msgstr ""
- "<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Predeterminado: 0"
- 
-@@ -2215,7 +2214,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Predeterminado: none"
- 
-@@ -2294,8 +2293,8 @@ msgstr ""
- "de autenticación esta opción está deshabilitada por defecto."
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Por defecto: False"
-@@ -2674,10 +2673,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (cadena)"
-+msgstr "ssh_use_certificate_matching_rules (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2688,6 +2685,11 @@ msgid ""
- "comma separated list of mapping and matching rule names. All other rules "
- "will be ignored."
- msgstr ""
-+"Por defecto el contestador ssh usará todos los certificados disponibles que "
-+"coincidan con las reglas para filtrar los certificados de modo que las "
-+"claves ssh solo se derivarán a los que coincidan. Con esta opción las reglas "
-+"usadas pueden ser restringidas con una lista separada por comas de nombres "
-+"de reglas que coincidan y mapeen. Todas las demás reglas serán ignoradas."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1763
-@@ -2695,13 +2697,13 @@ msgid ""
- "If a non-existing rule name is given all rules will be ignored and all "
- "available certificates will be used to derive ssh keys."
- msgstr ""
-+"Si se da un nombre de regla que no existe todas las reglas serán ignoradas y "
-+"los certificados disponibles serán usados para derivar claves ssh."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Por defecto: no ajustado (los espacios no serán reemplazados)"
-+msgstr "Predetermindo: no establecido, son usadas todas las reglas encontradas"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -3367,11 +3369,16 @@ msgid ""
- "user, typically ran at login)  operation in the past, both the user entry "
- "and the group membership are updated."
- msgstr ""
-+"El refresco en segundo plano procesará usuarios, grupos y netgroups en el "
-+"cache. Para usuarios que han llevado a cabo el anteriormente initgroups "
-+"(obtener la membresía de grupo para el usuario, normalmente ejecutando "
-+"login), tanto la entrada usuario y la membresia de grupo son actualizados."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2263
- msgid "This option is automatically inherited for all trusted domains."
- msgstr ""
-+"Esta opción se hereda automáticamente para todos los dominios de confianza."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2267
-@@ -4613,13 +4620,6 @@ msgstr "hybrid"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3205
--#, fuzzy
--#| msgid ""
--#| "A primary group is autogenerated for user entries whose UID and GID "
--#| "numbers have the same value and at the same time the GID number does not "
--#| "correspond to a real group object in LDAP If the values are the same, but "
--#| "the primary GID in the user entry is also used by a group object, the "
--#| "primary GID of the user resolves to that group object."
- msgid ""
- "A primary group is autogenerated for user entries whose UID and GID numbers "
- "have the same value and at the same time the GID number does not correspond "
-@@ -4627,11 +4627,11 @@ msgid ""
- "GID in the user entry is also used by a group object, the primary GID of the "
- "user resolves to that group object."
- msgstr ""
--"Un grupo primario se autogenera para las entradas de usuario cuyos números "
--"UID y GID tienen los mismos valores y al mismo tiempo el número GID no "
--"coresponde a un objeto grupo real en LDAP si los valores son los mismos, "
--"pero el GID primario en la entrada de usuario se usa también por un objeto "
--"grupo, el GID primario del usaurio resuelve a este objeto grupo."
-+"Se autogenera un grupo primario para las entradas de usuario cuyos números "
-+"UID y GID tienen el mismo valor y al mismo tiempo el número GID no "
-+"corresponde un objeto grupo real en LDAP.  Si los valores son los mismos "
-+"pero el GID primario en la entrada de usuario es también usado por un objeto "
-+"grupo, el GID primario del usuario se resuelve al de ese objeto grupo."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3218
-@@ -5377,22 +5377,16 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3693
--#, fuzzy
--#| msgid ""
--#| "With the growing number of authentication methods and the possibility "
--#| "that there are multiple ones for a single user the heuristic used by "
--#| "pam_sss to select the prompting might not be suitable for all use cases. "
--#| "To following options should provide a better flexibility here."
- msgid ""
- "With the growing number of authentication methods and the possibility that "
- "there are multiple ones for a single user the heuristic used by pam_sss to "
- "select the prompting might not be suitable for all use cases. The following "
- "options should provide a better flexibility here."
- msgstr ""
--"Con el creciente número de métodos de autenticación kyh la posibilidad de "
--"que haya múltiples para un solo usuario la heurística usada por pam_sss "
--"podría no ser adecuada para todos los casos de uso. Las siguientes opciones "
--"suministrarían una mejor flexibilidad aquí."
-+"Con el creciente número de métodos de autenticación y la la posibilidad de "
-+"que haya múltiples para un único usuario la heurística usada por pam_sss "
-+"para seleccionar la solicitud podría no ser adecuada para todos los casos. "
-+"Las siguientes opciones deberían suministrar una mejor flexibilidad aquí."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:3705
-@@ -5450,19 +5444,14 @@ msgstr "single_prompt"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3730
--#, fuzzy
--#| msgid ""
--#| "boolean value, if True there will be only a single prompt using the value "
--#| "of first_prompt where it is expected that both factor are entered as a "
--#| "single string"
- msgid ""
- "boolean value, if True there will be only a single prompt using the value of "
- "first_prompt where it is expected that both factors are entered as a single "
- "string"
- msgstr ""
--"valor booleano, si True habrá solo una única consulta usando el valor de "
--"first_prompt donde se espera que el factor sea introducido como una única "
--"cadena"
-+"valor booleano, si True habrá una única pregunta usando el valor de "
-+"first_prompt donde se espera que ambos factores se introduzcan como una "
-+"única cadena"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3719
-@@ -5475,12 +5464,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3700
--#, fuzzy
--#| msgid ""
--#| "Each supported authentication method has it's own configuration sub-"
--#| "section under <quote>[prompting/...]</quote>. Currently there are: "
--#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#| "\"variablelist\" id=\"1\"/>"
- msgid ""
- "Each supported authentication method has its own configuration subsection "
- "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
-@@ -5493,19 +5476,14 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3742
--#, fuzzy
--#| msgid ""
--#| "It is possible to add a sub-section for specific PAM services like e.g. "
--#| "<quote>[prompting/password/sshd]</quote> to individual change the "
--#| "prompting for this service."
- msgid ""
- "It is possible to add a subsection for specific PAM services, e.g. "
- "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
- "for this service."
- msgstr ""
--"Es posible añadir una subsección para srvicios PAM especificos como e.g. "
--"<quote>[prompting/password/sshd]</quote> para cambio individual de la "
--"consulta para este servicio."
-+"Es posible añadir una subsección para servicios PAM específicos, e.g. "
-+"<quote>[prompting/password/sshd]</quote> para el cambio individual de la "
-+"pregunta para este servicio."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd.conf.5.xml:3749 idmap_sss.8.xml:43
-@@ -6301,17 +6279,38 @@ msgstr ""
- "temprano (este valor contra el tiempo de vida TGT)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Predeterminado: 900 (15 minutos)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (entero)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -6320,17 +6319,17 @@ msgstr ""
- "Algunos servidores LDAP hacen cumplir un límite máximo por petición."
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Predeterminado: 1000"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -6341,7 +6340,7 @@ msgstr ""
- "RootDSE pero no está habilitado o no se comporta apropiadamente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -6351,7 +6350,7 @@ msgstr ""
- "pero es incapaz de usarlo."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -6362,17 +6361,17 @@ msgstr ""
- "puede ocasionar que algunas peticiones sean denegadas."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Deshabilitar la recuperación del rango de Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -6388,12 +6387,12 @@ msgstr ""
- "miembros."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -6404,19 +6403,42 @@ msgstr ""
- "de esta opción son definidos por OpenLDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- "Por defecto: Usa el sistema por defecto (normalmente especificado por ldap."
- "conf)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (entero)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Cuando se está comunicando con un servidor LDAP usando SASL, especifica el "
-+"nivel de seguridad mínimo necesario para establecer la conexión. Los valores "
-+"de esta opción son definidos por OpenLDAP."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -6427,7 +6449,7 @@ msgstr ""
- "deference. Si hay menos miembros desaparecidos, se buscarán individualmente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -6444,7 +6466,7 @@ msgstr ""
- "lo soporta y auncia el control de la desreferencia en el objeto rootDSE."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -6457,7 +6479,7 @@ msgstr ""
- "soportados son 389/RHDS, OpenLDAP y Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -6468,12 +6490,12 @@ msgstr ""
- "será deshabilitado sin tener en cuenta este ajuste."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -6483,7 +6505,7 @@ msgstr ""
- "los siguientes valores:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -6492,7 +6514,7 @@ msgstr ""
- "certificado de servidor."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6503,7 +6525,7 @@ msgstr ""
- "certificado malo, será ignorado y la sesión continua normalmente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6514,7 +6536,7 @@ msgstr ""
- "certificado malo, la sesión se termina inmediatamente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -6525,22 +6547,22 @@ msgstr ""
- "termina inmediatamente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Predeterminado: hard"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -6549,7 +6571,7 @@ msgstr ""
- "de Certificación que <command>sssd</command> reconocerá."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -6558,12 +6580,12 @@ msgstr ""
- "etc/openldap/ldap.conf</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -6577,33 +6599,33 @@ msgstr ""
- "para crear los nombres correctos."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- "Especifica el fichero que contiene el certificado para la clave del cliente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "Especifica el archivo que contiene la clave del cliente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -6614,12 +6636,12 @@ msgstr ""
- "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -6628,12 +6650,12 @@ msgstr ""
- "<systemitem class=\"protocol\">tls</systemitem> para proteger el canal."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -6644,18 +6666,18 @@ msgstr ""
- "ldap_user_uid_number y ldap_group_gid_number."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr "ldap_min_id, ldap_max_id (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6673,17 +6695,17 @@ msgstr ""
- "el servidor. Los subdominios pueden elegir otros rangos para asignar IDs."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr "Predeterminado: no establecido (ambas opciones se establecen a 0)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
-@@ -6692,7 +6714,7 @@ msgstr ""
- "soportados GSSAPI y GSS-SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6709,12 +6731,12 @@ msgstr ""
- "manvolnum></citerefentry> para más detalles."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6734,7 +6756,7 @@ msgstr ""
- "                            "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6754,17 +6776,17 @@ msgstr ""
- "en la pestaña."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Por defecto: host/nombre_de_host@REALM"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -6775,17 +6797,17 @@ msgstr ""
- "reino también, esta opción se ignora."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Por defecto: el valor de krb5_realm."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6794,34 +6816,34 @@ msgstr ""
- "para para canocalizar el nombre de host durante una unión SASL."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Predeterminado: false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr "Especifica la pestaña a usar cuando se utiliza SASL/GSSAPI/GSS-SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Por defecto: Keytab del sistema, normalmente <filename>/etc/krb5.keytab</"
- "filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6832,12 +6854,12 @@ msgstr ""
- "es GSSAPI o GSS-SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-@@ -6845,17 +6867,17 @@ msgstr ""
- "SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Predeterminado: 86400 (24 horas)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6874,7 +6896,7 @@ msgstr ""
- "información, vea la sección <quote>SERVICE DISCOVERY</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6885,7 +6907,7 @@ msgstr ""
- "regresa a _tcp si no se encuentra nada."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6897,30 +6919,30 @@ msgstr ""
- "configuración para usar <quote>krb5_server</quote> en su lugar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- "Especifica el REALM Kerberos (para autorización SASL/GSSAPI/GSS-SPNEGO)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Predeterminado: Predeterminados del sistema, vea <filename>/etc/krb5.conf</"
- "filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6929,12 +6951,12 @@ msgstr ""
- "servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -6949,7 +6971,7 @@ msgstr ""
- "manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -6961,12 +6983,12 @@ msgstr ""
- "localizador."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -6975,7 +6997,7 @@ msgstr ""
- "del cliente. Los siguientes valores son permitidos:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -6984,7 +7006,7 @@ msgstr ""
- "no puede deshabilitar las políticas de password en el lado servidor."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -6995,7 +7017,7 @@ msgstr ""
- "manvolnum></citerefentry> para evaluar si la contraseña ha expirado."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -7007,7 +7029,7 @@ msgstr ""
- "password."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -7017,19 +7039,19 @@ msgstr ""
- "establecida por esta opción."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- "Especifica si el seguimiento de referencias automático debería ser "
- "habilitado."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -7038,7 +7060,7 @@ msgstr ""
- "está compilado con OpenLDAP versión 2.4.13 o más alta."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -7051,29 +7073,29 @@ msgstr ""
- "esta opción a false le llevará a una notable mejora de rendimiento."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Especifica el nombre del servicio para utilizar cuando está habilitado el "
- "servicio de descubrimiento."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Predeterminado: ldap"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -7083,17 +7105,17 @@ msgstr ""
- "descubrimiento."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -7102,12 +7124,12 @@ msgstr ""
- "desde el Epoch después de una operación de cambio de contraseña."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -7135,12 +7157,12 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Ejemplo:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -7152,7 +7174,7 @@ msgstr ""
- "                        "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -7161,7 +7183,7 @@ msgstr ""
- "usuarios cuyo atributo employeeType esté establecido a \"admin\"."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -7174,17 +7196,17 @@ msgstr ""
- "se les seguirán otorgando acceso sin conexión y viceversa."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Predeterminado: vacío"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -7193,7 +7215,7 @@ msgstr ""
- "control de acceso del lado cliente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -7204,12 +7226,12 @@ msgstr ""
- "una código de error definible aunque el password sea correcto."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Los siguientes valores están permitidos:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -7218,7 +7240,7 @@ msgstr ""
- "determinar si la cuenta ha expirado."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -7231,7 +7253,7 @@ msgstr ""
- "se comprueba el tiempo de expiración de la cuenta."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -7242,7 +7264,7 @@ msgstr ""
- "el acceso o no."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -7255,7 +7277,7 @@ msgstr ""
- "permitido. Si ambos atributos están desaparecidos se concede el acceso."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -7266,24 +7288,24 @@ msgstr ""
- "la opción ldap_account_expire_policy funcione."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- "Lista separada por coma de opciones de control de acceso.  Los valores "
- "permitidos son:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7299,7 +7321,7 @@ msgstr ""
- "funciones."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
-@@ -7309,7 +7331,7 @@ msgstr ""
- "</emphasis>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7331,12 +7353,12 @@ msgstr ""
- "estar establecido para que esta característica funcione."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -7351,7 +7373,7 @@ msgstr ""
- "método distinto a las contraseñas - por ejemplo claves SSH."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -7366,7 +7388,7 @@ msgstr ""
- "inmediatamente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-@@ -7374,7 +7396,7 @@ msgstr ""
- "explícito."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
-@@ -7384,7 +7406,7 @@ msgstr ""
- "para una política de contraseña apropiada."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -7393,13 +7415,13 @@ msgstr ""
- "autorizedService para determinar el acceso"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
-@@ -7408,7 +7430,7 @@ msgstr ""
- "host remoto puede acceder"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
-@@ -7418,12 +7440,12 @@ msgstr ""
- "opción de control de acceso"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Predeterminado: filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -7432,12 +7454,12 @@ msgstr ""
- "una vez."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -7451,22 +7473,22 @@ msgstr ""
- "LDAP no pueden verificarse correctamente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Ejemplo: cn=ppolicy,ou=policies,dc=example,dc=com"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr "Predeterminado: cn=ppolicy,ou=policies,$ldap_search_base"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -7475,13 +7497,13 @@ msgstr ""
- "lleva a cabo una búsqueda. Están permitidas las siguientes opciones:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- "<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -7491,7 +7513,7 @@ msgstr ""
- "búsqueda."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -7500,7 +7522,7 @@ msgstr ""
- "cuando se localice el objeto base de la búsqueda."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -7509,7 +7531,7 @@ msgstr ""
- "para la búsqueda como en la localización del objeto base de la búsqueda."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -7518,12 +7540,12 @@ msgstr ""
- "librerías cliente LDAP)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -7532,7 +7554,7 @@ msgstr ""
- "servidores que usan el esquema RFC2307."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -7550,7 +7572,7 @@ msgstr ""
- "llamadas getpw*() o initgroups()."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -7561,12 +7583,12 @@ msgstr ""
- "initgroups() aumentará los usuarios locales con los grupos LDAP adicionales."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr "wildcard_limit (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
-@@ -7575,25 +7597,18 @@ msgstr ""
- "descargadas durante una búsqueda de comodín."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- "En este momento solo el respondedor InfoPipe soporta búsqueda de comodín"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr "Predeterminado: 1000 (frecuentemente el tamaño de una página)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -7603,19 +7618,22 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page.  <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Todas las opciones de configuración comunes que se aplican a los dominios "
--"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
-+"Todas las opciones comunes de configuración que se aplican a los dominios "
-+"SSSD tambien se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
- "SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles "
--"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
-+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para todos los "
-+"detalles. Advierta que los atributos de mapeo SSSD LDAP están descritos en "
-+"la página de manual <citerefentry> <refentrytitle>sssd-ldap-attributes</"
-+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>.  <placeholder type="
-+"\"variablelist\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "OPCIONES SUDO"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -7626,12 +7644,12 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -7641,7 +7659,7 @@ msgstr ""
- "servidor)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -7650,17 +7668,17 @@ msgstr ""
- "emphasis>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Por defecto: 21600 (6 horas)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -7672,7 +7690,7 @@ msgstr ""
- "actualmente SSSD)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -7681,7 +7699,7 @@ msgstr ""
- "atributo modifyTimestamp."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -7697,12 +7715,12 @@ msgstr ""
- "<emphasis>ldap_connection_expire_timeout</emphasis>)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -7711,12 +7729,12 @@ msgstr ""
- "máquina (usando las direcciones de host/red y nombres de host IPv4 o IPv6)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -7725,7 +7743,7 @@ msgstr ""
- "totalmente cualificados que sería usada para filtrar las reglas."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -7734,8 +7752,8 @@ msgstr ""
- "nombre de dominio totalmente cualificado automáticamente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -7744,17 +7762,17 @@ msgstr ""
- "emphasis> esta opción no tiene efecto."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Por defecto: no especificado"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7763,7 +7781,7 @@ msgstr ""
- "usada para filtrar las reglas."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7772,12 +7790,12 @@ msgstr ""
- "automáticamente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "sudo_include_netgroups (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7786,12 +7804,12 @@ msgstr ""
- "atributo sudoHost."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (booleano)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7800,7 +7818,7 @@ msgstr ""
- "atributo sudoHost."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
-@@ -7809,7 +7827,7 @@ msgstr ""
- "del servidor LDAP!"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7822,12 +7840,12 @@ msgstr ""
- "manvolnum> </citerefentry>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "OPCIONES AUTOFS"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
-@@ -7836,47 +7854,47 @@ msgstr ""
- "esquema LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "El nombre del mapa maestro de montaje automático en LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Pfredeterminado: auto.master"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "OPCIONES AVANZADAS"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7889,22 +7907,22 @@ msgstr ""
- "función, si los nombres de grupo no están siendo visualizados correctamente."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7917,14 +7935,14 @@ msgstr ""
- "<placeholder type=\"variablelist\" id=\"1\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EJEMPLO"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7935,7 +7953,7 @@ msgstr ""
- "replaceable>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7955,20 +7973,20 @@ msgstr ""
- "cache_credentials = true\n"
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr "EJEMPLO DE FILTRO DE ACCESO LDAP"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
-@@ -7977,7 +7995,7 @@ msgstr ""
- "ldap_access_order=lockout."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -8003,13 +8021,13 @@ msgstr ""
- "cache_credentials = true\n"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTAS"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -9937,7 +9955,7 @@ msgstr ""
- "este host. El nombre de host debe ser totalmente cualificado."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (booleano)"
- 
-@@ -9957,7 +9975,7 @@ msgstr ""
- "otra manera utilizando la opción <quote>dyndns_iface</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -9978,12 +9996,12 @@ msgstr ""
- "usar <emphasis>dyndns_update</emphasis> en su fichero de configuración."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (entero)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -10010,12 +10028,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Por defecto: 1200 (segundos)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -10046,17 +10064,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -10064,7 +10082,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -10091,7 +10109,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -10104,12 +10122,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -10128,60 +10146,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -10306,26 +10324,26 @@ msgstr ""
- "convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -11800,9 +11818,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (booleano)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -11812,19 +11848,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -11834,12 +11870,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Predeterminado: True"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -11850,7 +11886,7 @@ msgstr ""
- "Este ejemplo muestra sólo las opciones específicas del proveedor AD."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -11874,7 +11910,7 @@ msgstr ""
- "ad_domain = example.com\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -11886,7 +11922,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -11897,7 +11933,7 @@ msgstr ""
- "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -11907,7 +11943,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -12480,16 +12516,10 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
--#| "client applications will not use the fast in-memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"AVISO: Si la variable de entorno SSS_NSS_USE_MEMCACHE estça fijada a \"NO\", "
--"las aplicaciones clientes no usaran la memoria cache rápida."
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -13630,21 +13660,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for "
--#| "more information on the locator plugin."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"Vea la página de manual <citerefentry> "
--"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</"
--"manvolnum> </citerefentry> para más información sobre el complemento "
--"localizador."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -16323,26 +16344,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the AD provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"Esta página de manual describe la configuración del proveedor AD para "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección "
--"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -16371,10 +16378,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (entero)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -16388,10 +16393,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id, max_id (entero)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -16402,17 +16405,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Predeterminado: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (entero)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -16423,10 +16422,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Predeterminado: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -16627,17 +16624,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "auth sufficient pam_sss.so allow_missing_name\n"
--#| "                        "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- "                        "
- msgstr ""
--"auth sufficient pam_sss.so allow_missing_name\n"
--"                        "
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
-@@ -16906,10 +16898,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (cadena)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -16928,28 +16918,16 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "Proveedor SSSD LDAP"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -16957,11 +16935,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"Esta página de manual describe la configuración de dominios LDAP para "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Vea la sección <quote>FILE FORMAT</quote> de la página de "
--"manual <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--"manvolnum> </citerefentry> para información detallada de la sintáxis."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -17850,10 +17823,8 @@ msgstr "ldap_group_modify_timestamp (cadena)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (cadena)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -18083,10 +18054,8 @@ msgstr "Atributo LDAP que contiene las UUID/GUID de un objeto host LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "SECCIONES DE SERVICIOS"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -18334,10 +18303,8 @@ msgstr "Por defecto: sudoOrder"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "OPCIONES AUTOFS"
-+msgstr ""
- 
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -18649,10 +18616,8 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (entero)"
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -19779,27 +19744,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid ""
--#~ "The background refresh will process users, groups and netgroups in the "
--#~ "cache."
--#~ msgstr ""
--#~ "El refresco en segundo plano procesará usuarios grupos y grupos de red en "
--#~ "la caché."
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Predeterminado: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (entero)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
-diff --git a/src/man/po/eu.po b/src/man/po/eu.po
-index 60d333c05..a122f6ce6 100644
---- a/src/man/po/eu.po
-+++ b/src/man/po/eu.po
-@@ -5,9 +5,9 @@
- # Translators:
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-14 11:55+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Basque (http://www.transifex.com/projects/p/sssd/language/"
-@@ -294,9 +294,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -316,16 +316,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -354,7 +354,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
- 
-@@ -652,8 +652,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -1733,7 +1733,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1797,7 +1797,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1862,8 +1862,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5032,34 +5032,53 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5067,14 +5086,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5082,17 +5101,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5102,12 +5121,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5115,17 +5134,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5133,7 +5165,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5144,7 +5176,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5153,7 +5185,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5161,26 +5193,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5188,7 +5220,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5196,7 +5228,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5204,41 +5236,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5247,32 +5279,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5280,24 +5312,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5305,17 +5337,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5326,24 +5358,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5354,12 +5386,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5372,7 +5404,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5384,17 +5416,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5402,49 +5434,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5452,28 +5484,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5485,7 +5517,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5493,7 +5525,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5501,39 +5533,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5543,7 +5575,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5551,26 +5583,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5578,7 +5610,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5586,31 +5618,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5619,56 +5651,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5684,12 +5716,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5698,14 +5730,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5714,24 +5746,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5739,19 +5771,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5760,7 +5792,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5768,7 +5800,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5777,7 +5809,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5785,22 +5817,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5810,14 +5842,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5830,12 +5862,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5845,7 +5877,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5855,63 +5887,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5920,74 +5952,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -5998,7 +6030,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6006,24 +6038,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6040,12 +6072,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6053,36 +6085,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6090,14 +6122,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6107,101 +6139,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6210,59 +6242,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6271,22 +6303,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6295,14 +6327,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6310,7 +6342,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6323,27 +6355,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6359,13 +6391,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7895,7 +7927,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7910,7 +7942,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7925,12 +7957,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7951,12 +7983,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7980,17 +8012,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -7998,7 +8030,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8025,7 +8057,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8038,12 +8070,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8062,60 +8094,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8229,26 +8261,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9688,9 +9720,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9700,19 +9748,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9722,12 +9770,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9735,7 +9783,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9750,7 +9798,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9759,7 +9807,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9767,7 +9815,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9777,7 +9825,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-diff --git a/src/man/po/fi.po b/src/man/po/fi.po
-index 34eec244a..3522376ce 100644
---- a/src/man/po/fi.po
-+++ b/src/man/po/fi.po
-@@ -1,9 +1,9 @@
- # Toni Rantala <trantalafilo@gmail.com>, 2017. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2017-03-24 08:46+0000\n"
- "Last-Translator: Toni Rantala <trantalafilo@gmail.com>\n"
- "Language-Team: Finnish\n"
-@@ -289,9 +289,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Oletus:tosi"
-@@ -311,16 +311,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Oletus:epätosi"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -349,7 +349,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
- 
-@@ -647,8 +647,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -757,10 +757,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: false"
- msgid "Default: sha256"
--msgstr "Oletus:epätosi"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1730,7 +1728,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1794,7 +1792,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1859,8 +1857,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -2196,10 +2194,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Oletus: ei asetettu(välilyöntejä ei korvata)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5033,34 +5029,53 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5068,14 +5083,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5083,17 +5098,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5103,12 +5118,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5116,17 +5131,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5134,7 +5162,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5145,7 +5173,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5154,7 +5182,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5162,26 +5190,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5189,7 +5217,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5197,7 +5225,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5205,41 +5233,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5248,32 +5276,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5281,24 +5309,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5306,17 +5334,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5327,24 +5355,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5355,12 +5383,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5373,7 +5401,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5385,17 +5413,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5403,49 +5431,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5453,28 +5481,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5486,7 +5514,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5494,7 +5522,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5502,39 +5530,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5544,7 +5572,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5552,26 +5580,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5579,7 +5607,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5587,31 +5615,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5620,56 +5648,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5685,12 +5713,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5699,14 +5727,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5715,24 +5743,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5740,19 +5768,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5761,7 +5789,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5769,7 +5797,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5778,7 +5806,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5786,22 +5814,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5811,14 +5839,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5831,12 +5859,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5846,7 +5874,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5856,63 +5884,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5921,74 +5949,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -5999,7 +6027,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6007,24 +6035,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6041,12 +6069,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6054,36 +6082,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6091,14 +6119,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6108,101 +6136,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6211,59 +6239,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6272,22 +6300,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6296,14 +6324,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6311,7 +6339,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6324,27 +6352,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6360,13 +6388,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7896,7 +7924,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7911,7 +7939,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7926,12 +7954,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7952,12 +7980,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7981,17 +8009,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -7999,7 +8027,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8026,7 +8054,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8039,12 +8067,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8063,60 +8091,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8230,26 +8258,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9689,9 +9717,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "debug_timestamps (bool)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "debug_timestamps (bool)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9701,19 +9747,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9723,12 +9769,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9736,7 +9782,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9751,7 +9797,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9760,7 +9806,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9768,7 +9814,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9778,7 +9824,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13870,10 +13916,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (integer)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13887,10 +13931,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "enum_cache_timeout (integer)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -13901,17 +13943,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: true"
- msgid "Default: 64"
--msgstr "Oletus:tosi"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "enum_cache_timeout (integer)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -13922,10 +13960,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: true"
- msgid "Default: 65536"
--msgstr "Oletus:tosi"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-diff --git a/src/man/po/fr.po b/src/man/po/fr.po
-index adea5d1a6..aa86c5c23 100644
---- a/src/man/po/fr.po
-+++ b/src/man/po/fr.po
-@@ -14,9 +14,9 @@
- # Jérôme Fenal <jfenal@gmail.com>, 2016. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2016-03-19 03:04+0000\n"
- "Last-Translator: Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>\n"
- "Language-Team: French (http://www.transifex.com/projects/p/sssd/language/"
-@@ -338,9 +338,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Par défaut : true"
-@@ -363,16 +363,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Par défaut : false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -401,7 +401,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Par défaut : 10"
- 
-@@ -599,10 +599,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (booléen)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -618,21 +616,11 @@ msgstr "try_inotify (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD gère l'état de resolv.conf pour identifier les besoins de mise à jour "
--"des résolutions DNS internes. Par défaut, l'utilisation de inotify sera "
--"tentée, et reviendra à une interrogation de resolv.conf toutes les cinq "
--"secondes si inotify échoue."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -742,13 +730,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -759,16 +740,10 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Noter que, si cette option est définie, tous les utilisateurs du domaine "
--"principal doivent utiliser leur nom pleinement qualifié, par exemple "
--"user@domain.name, pour se connecter. L'utilisation de cette option modifie "
--"la valeur par défaut de use_fully_qualified_names à True. Il n'est pas "
--"possible ni autorisé d'utiliser cette option avec l'option "
--"use_fully_qualified_names à False."
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -883,10 +858,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Par défaut : 5"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1969,7 +1942,7 @@ msgstr ""
- "<emphasis>pwd_expiration_warning</emphasis> pour un domaine particulier."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Par défaut : 0"
- 
-@@ -2038,7 +2011,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Par défaut : aucun"
- 
-@@ -2103,8 +2076,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Par défaut : False"
-@@ -2434,10 +2407,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (chaîne)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2458,10 +2429,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Par défaut : non défini (les espaces ne seront pas remplacées)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5687,17 +5656,38 @@ msgstr ""
- "courte des deux valeurs entre celle-ci et la durée de vie TGT sera utilisée."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Par défaut : 900 (15 minutes)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (entier)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (entier)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -5706,17 +5696,17 @@ msgstr ""
- "Certains serveurs LDAP imposent une limite maximale par requête."
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Par défaut : 1000"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5728,7 +5718,7 @@ msgstr ""
- "correctement."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -5738,7 +5728,7 @@ msgstr ""
- "sera impossible de l'utiliser."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5749,17 +5739,17 @@ msgstr ""
- "cela peut entraîner l'échec de certaines demandes."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Désactiver la récupération de plage Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5775,12 +5765,12 @@ msgstr ""
- "apparaissant ainsi sans aucun membre."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (integer)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5791,19 +5781,42 @@ msgstr ""
- "de cette option sont définies par OpenLDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- "Par défaut : Utiliser la valeur par défaut du système (généralement spécifié "
- "par ldap.conf)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (integer)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Lors de la communication avec un serveur LDAP en utilisant SASL, spécifie le "
-+"niveau de sécurité minimal nécessaire pour établir la connexion. Les valeurs "
-+"de cette option sont définies par OpenLDAP."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (entier)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5814,7 +5827,7 @@ msgstr ""
- "membres manquants est inférieur, ils sont recherchés individuellement."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5825,7 +5838,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5838,7 +5851,7 @@ msgstr ""
- "acceptés sont 389/RHDS, OpenLDAP et Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5849,12 +5862,12 @@ msgstr ""
- "déréférencement est désactivée indépendamment de ce paramètre."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -5863,7 +5876,7 @@ msgstr ""
- "session TLS, si elle existe. Une des valeurs suivantes est utilisable :"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5872,7 +5885,7 @@ msgstr ""
- "quelconque certificat du serveur."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5883,7 +5896,7 @@ msgstr ""
- "certificat est fourni, il est ignoré et la session continue normalement."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5894,7 +5907,7 @@ msgstr ""
- "certificat est fourni, la session se termine immédiatement."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5905,22 +5918,22 @@ msgstr ""
- "immédiatement."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> : identique à <quote>demand</quote>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Par défaut : hard"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -5929,7 +5942,7 @@ msgstr ""
- "certification que <command>sssd</command> reconnaîtra."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -5938,12 +5951,12 @@ msgstr ""
- "<filename>/etc/openldap/ldap.conf</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5957,32 +5970,32 @@ msgstr ""
- "corrects."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr "Définit le fichier qui contient le certificat pour la clef du client."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "Définit le fichier qui contient la clef du client."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5990,12 +6003,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -6005,12 +6018,12 @@ msgstr ""
- "canal."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -6022,19 +6035,19 @@ msgstr ""
- "ldap_group_gid_number."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "Cette fonctionnalité ne prend actuellement en charge que la correspondance "
- "par objectSID avec Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6054,24 +6067,24 @@ msgstr ""
- "identifiants."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr "Par défaut : non indiqué (les deux options sont à 0)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6082,12 +6095,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6100,7 +6113,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6112,17 +6125,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Par défaut : host/hostname@REALM"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -6133,17 +6146,17 @@ msgstr ""
- "domaine, cette option est ignorée."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Par défaut : la valeur de krb5_realm."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6152,34 +6165,34 @@ msgstr ""
- "le nom de l'hôte au cours d'une liaison SASL."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Défaut : false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Par défaut : le fichier keytab du système, normalement <filename>/etc/krb5."
- "keytab</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6187,28 +6200,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (entier)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Par défaut : 86400 (24 heures)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6228,7 +6241,7 @@ msgstr ""
- "<quote>DÉCOUVERTE DE  SERVICES</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6239,7 +6252,7 @@ msgstr ""
- "comme protocole, et passe sur _tcp si aucune entrée n'est trouvée."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6251,29 +6264,29 @@ msgstr ""
- "l'utilisation de <quote>krb5_server</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Par défaut : valeur par défaut du système, voir <filename>/etc/krb5.conf</"
- "filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6283,12 +6296,12 @@ msgstr ""
- "Kerberos > = 1.7"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -6303,7 +6316,7 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -6315,12 +6328,12 @@ msgstr ""
- "localisation."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -6329,7 +6342,7 @@ msgstr ""
- "valeurs suivantes sont acceptées :"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -6338,7 +6351,7 @@ msgstr ""
- "peut pas désactiver la politique sur les mots de passe du côté serveur."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -6349,7 +6362,7 @@ msgstr ""
- "manvolnum></citerefentry> pour évaluer si le mot de passe a expiré."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -6361,7 +6374,7 @@ msgstr ""
- "est changé."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -6370,17 +6383,17 @@ msgstr ""
- "côté serveur, elle prend le pas sur la politique indiquée avec cette option."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr "Définit si le déréférencement automatique doit être activé."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6389,7 +6402,7 @@ msgstr ""
- "compilé avec OpenLDAP version 2.4.13 ou supérieur."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6403,29 +6416,29 @@ msgstr ""
- "permettre d'améliorer de façon notable les performances."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Définit le nom de service à utiliser quand la découverte de services est "
- "activée."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Par défaut : ldap"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6434,19 +6447,19 @@ msgstr ""
- "un changement de mot de passe quand la découverte de services est activée."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- "Par défaut : non défini, c'est-à-dire que le service de découverte est "
- "désactivé."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (bool)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -6456,12 +6469,12 @@ msgstr ""
- "de passe."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -6477,12 +6490,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Exemple :"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -6494,7 +6507,7 @@ msgstr ""
- "                        "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -6503,7 +6516,7 @@ msgstr ""
- "dont l'attribut employeeType est « admin »."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -6512,17 +6525,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Par défaut : vide"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -6531,7 +6544,7 @@ msgstr ""
- "être activée."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -6543,12 +6556,12 @@ msgstr ""
- "correct."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Les valeurs suivantes sont autorisées :"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -6557,7 +6570,7 @@ msgstr ""
- "pour déterminer si le compte a expiré."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -6570,7 +6583,7 @@ msgstr ""
- "d'expiration du compte est aussi vérifiée."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -6581,7 +6594,7 @@ msgstr ""
- "l'accès est autorisé ou non."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -6594,7 +6607,7 @@ msgstr ""
- "est autorisé. Si les deux attributs sont manquants, l'accès est autorisé."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -6605,24 +6618,24 @@ msgstr ""
- "ldap_account_expire_policy de fonctionner."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- "Liste séparées par des virgules des options de contrôles d'accès. Les "
- "valeurs autorisées sont :"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis> : utiliser ldap_access_filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6632,14 +6645,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6652,12 +6665,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: utiliser ldap_account_expire_policy"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -6667,7 +6680,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -6677,20 +6690,20 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -6699,32 +6712,32 @@ msgstr ""
- "authorizedService pour déterminer l'accès"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis> : utilise l'attribut host pour déterminer l'accès"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Par défaut : filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -6733,12 +6746,12 @@ msgstr ""
- "de configuration."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -6747,22 +6760,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Exemple : cn=ppolicy,ou=policies,dc=example,dc=com"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (chaînes)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -6771,12 +6784,12 @@ msgstr ""
- "recherche. Les options suivantes sont autorisées :"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr "<emphasis>never</emphasis> : les alias ne sont jamais déréférencés."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -6786,7 +6799,7 @@ msgstr ""
- "recherche."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -6795,7 +6808,7 @@ msgstr ""
- "la localisation de l'objet de base de la recherche."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -6804,7 +6817,7 @@ msgstr ""
- "recherche et et la localisation de l'objet de base de la recherche."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -6813,12 +6826,12 @@ msgstr ""
- "bibliothèques clientes LDAP)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -6827,7 +6840,7 @@ msgstr ""
- "LDAP pour les serveurs qui utilisent le schéma RFC2307."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6845,7 +6858,7 @@ msgstr ""
- "initgoups()."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6856,36 +6869,29 @@ msgstr ""
- "ajoutent les utilisateurs locaux aux groupes LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -6895,19 +6901,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page.  <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Toutes les options de configuration communes appliquées aux domaines SSSD "
--"s'appliquent aussi aux domaines LDAP. Voir la section des <quote>SECTIONS DE "
--"DOMAINE</quote> dans la page de manuel <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> pour plus de "
--"détails. <placeholder type=\"variablelist\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "OPTIONS DE SUDO"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6915,12 +6916,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (integer)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -6930,7 +6931,7 @@ msgstr ""
- "règles qui sont stockées sur le serveur)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -6939,17 +6940,17 @@ msgstr ""
- "emphasis>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Par défaut : 21600 (6 heures)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (integer)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6957,7 +6958,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -6966,7 +6967,7 @@ msgstr ""
- "modifyTimestamp est utilisé à la place."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6976,12 +6977,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -6991,12 +6992,12 @@ msgstr ""
- "noms de systèmes)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -7005,7 +7006,7 @@ msgstr ""
- "doivent être utilisés pour filtrer les règles."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -7014,8 +7015,8 @@ msgstr ""
- "nom de système et le nom de domaine pleinement qualifié."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -7024,17 +7025,17 @@ msgstr ""
- "emphasis>, alors cette option n'a aucun effet."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Par défaut : non spécifié"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7043,7 +7044,7 @@ msgstr ""
- "IPv6 qui doivent être utilisés pour filtrer les règles."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7052,12 +7053,12 @@ msgstr ""
- "automatiquement."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7066,12 +7067,12 @@ msgstr ""
- "netgroup dans l'attribut sudoHost."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7080,14 +7081,14 @@ msgstr ""
- "un joker dans l'attribut sudoHost."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7100,59 +7101,59 @@ msgstr ""
- "manvolnum></citerefentry>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "OPTIONS AUTOFS"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "Le nom de la table de montage automatique maîtresse dans LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Par défaut : auto.master"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "OPTIONS AVANCÉES"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (chaînes)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (chaînes)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (chaînes)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7161,22 +7162,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7185,14 +7186,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EXEMPLE"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7203,7 +7204,7 @@ msgstr ""
- "replaceable>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7223,27 +7224,27 @@ msgstr ""
- "cache_credentials = true\n"
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7269,13 +7270,13 @@ msgstr ""
- "cache_credentials = true\n"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTES"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -8912,7 +8913,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (booléen)"
- 
-@@ -8927,7 +8928,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -8949,12 +8950,12 @@ msgstr ""
- "configuration."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (entier)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8981,12 +8982,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Par défaut : 1200 (secondes)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -9014,17 +9015,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -9032,7 +9033,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -9067,7 +9068,7 @@ msgstr ""
- "seront utilisés comme serveurs de repli"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (entier)"
- 
-@@ -9084,12 +9085,12 @@ msgstr ""
- "configurée à true."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -9114,12 +9115,12 @@ msgid "Default: False (disabled)"
- msgstr "Par défaut : False (désactivé)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (booléen)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -9128,48 +9129,48 @@ msgstr ""
- "communication avec le serveur DNS."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr "Par défaut : False (laisser nsupdate choisir le protocole)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -9295,26 +9296,26 @@ msgstr ""
- "convertit en DN de base pour effectuer les opérations LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr "krb5_confd_path (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -10807,9 +10808,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (booléen)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -10826,19 +10845,19 @@ msgstr ""
- "<quote>dyndns_iface</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Par défaut : 3600 (secondes)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -10848,12 +10867,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Par défaut : True"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -10864,7 +10883,7 @@ msgstr ""
- "exemples montrent seulement les options spécifiques au fournisseur AD."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -10888,7 +10907,7 @@ msgstr ""
- "ad_domain = example.com\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -10900,7 +10919,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -10911,7 +10930,7 @@ msgstr ""
- "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -10921,7 +10940,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -11500,17 +11519,10 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
--#| "debug messages will be sent to stderr."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"Si la variable d'environnement SSSD_KRB5_LOCATOR_DEBUG a une valeur "
--"quelconque, des messages de débogage seront envoyés sur la sortie standard "
--"d'erreur."
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -12698,21 +12710,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for "
--#| "more information on the locator plugin."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"Consulter la page de manuel de <citerefentry> "
--"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</"
--"manvolnum> </citerefentry> pour plus d'informations sur le greffon de "
--"localisation."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -15443,26 +15446,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the AD provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"Cette page de manuel décrit la configuration du fournisseur AD pour "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Pour une référence détaillée sur la syntaxe, cf. la section "
--"<quote>FORMAT DE FICHIER</quote> de la page de manuel <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -15491,10 +15480,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (entier)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -15508,10 +15495,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id,max_id (entier)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -15522,17 +15507,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Par défaut : 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (entier)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -15543,10 +15524,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Par défaut : 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15747,17 +15726,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "user_attributes = +telephoneNumber, -loginShell\n"
--#| "                        "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- "                        "
- msgstr ""
--"user_attributes = +telephoneNumber, -loginShell\n"
--"                        "
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
-@@ -16026,10 +16000,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (chaînes)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -16048,28 +16020,16 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "Fournisseur LDAP SSSD"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -16077,11 +16037,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"Ce manuel décrit la configuration des domaines LDAP pour <citerefentry> "
--"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
--"citerefentry>. Se référer à la section <quote>FILE FORMAT</quote> du manuel "
--"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--"manvolnum> </citerefentry> pour des informations sur la syntaxe détaillée."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -16950,10 +16905,8 @@ msgstr "ldap_group_modify_timestamp (chaîne)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (chaîne)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -17178,10 +17131,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "SECTIONS DE SERVICES"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -17429,10 +17380,8 @@ msgstr "Par défaut : sudoOrder"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "OPTIONS AUTOFS"
-+msgstr ""
- 
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -17734,10 +17683,8 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (entier)"
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -18898,20 +18845,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Par défaut : homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (entier)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
-diff --git a/src/man/po/ja.po b/src/man/po/ja.po
-index 5231f970b..85dd3f49c 100644
---- a/src/man/po/ja.po
-+++ b/src/man/po/ja.po
-@@ -9,9 +9,9 @@
- # Keiko Moriguchi <kemorigu@redhat.com>, 2019. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2019-05-28 11:45+0000\n"
- "Last-Translator: Keiko Moriguchi <kemorigu@redhat.com>\n"
- "Language-Team: Japanese (http://www.transifex.com/projects/p/sssd/language/"
-@@ -322,9 +322,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "初期値: true"
-@@ -344,16 +344,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "初期値: false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -382,7 +382,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "初期値: 10"
- 
-@@ -566,10 +566,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (論理値)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -585,21 +583,11 @@ msgstr "try_inotify (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD は、内部 DNS リゾルバーを更新する必要となるときを認識するために、resolv."
--"conf の状態を監視します。初期状態では、このために inotify を使用しようとしま"
--"す。inotify が使用できない場合 5 秒ごとに resolv.conf をポーリングするよう"
--"フォールバックします。"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -714,8 +702,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -824,10 +812,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "初期値: 5"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1864,7 +1850,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "初期値: 0"
- 
-@@ -1928,7 +1914,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "初期値: none"
- 
-@@ -1993,8 +1979,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "初期値: 偽"
-@@ -2335,10 +2321,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set, i.e. FAST is not used."
- msgid "Default: not set, all found rules are used"
--msgstr "初期値: 設定されません、つまり FAST が使用されません。"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -5378,17 +5362,38 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "初期値: 900 (15 分)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (整数)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (整数)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -5397,17 +5402,17 @@ msgstr ""
- "バーは 1 要求あたりの最大数の制限を強制します。"
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "初期値: 1000"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5418,7 +5423,7 @@ msgstr ""
- "ことを報告する場合に、このオプションが使用されます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -5428,7 +5433,7 @@ msgstr ""
- "す。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5439,17 +5444,17 @@ msgstr ""
- "があります。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Active Directory の範囲の取得を無効化します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5459,12 +5464,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (整数)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5472,17 +5477,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (整数)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (整数)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5490,7 +5510,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5501,7 +5521,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5510,7 +5530,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5518,12 +5538,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -5532,7 +5552,7 @@ msgstr ""
- "クするものを指定します。以下の値のうち 1 つを指定できます:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5541,7 +5561,7 @@ msgstr ""
- "確認しません。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5552,7 +5572,7 @@ msgstr ""
- "無視され、セッションが通常通り進められます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5563,7 +5583,7 @@ msgstr ""
- "ンが直ちに終了します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5573,22 +5593,22 @@ msgstr ""
- "なければ、もしくは不正な証明書が提供されれば、セッションが直ちに終了します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = <quote>demand</quote> と同じです"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "初期値: hard"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -5598,7 +5618,7 @@ msgstr ""
- "書を含むファイルを指定します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -5607,12 +5627,12 @@ msgstr ""
- "filename> にあります"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5625,32 +5645,32 @@ msgstr ""
- "ます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr "クライアントのキーに対する証明書を含むファイルを指定します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "クライアントのキーを含むファイルを指定します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5658,12 +5678,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -5672,12 +5692,12 @@ msgstr ""
- "用する必要がある id_provider 接続を指定します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5685,18 +5705,18 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "この機能は現在 ActiveDirectory objectSID マッピングのみサポートします。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5707,24 +5727,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5735,12 +5755,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5753,7 +5773,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5765,17 +5785,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "初期値: host/hostname@REALM"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5783,17 +5803,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "初期値: krb5_realm の値"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -5802,33 +5822,33 @@ msgstr ""
- "するために逆引きを実行します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "初期値: false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "初期値: システムのキーテーブル、通常 <filename>/etc/krb5.keytab</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5836,28 +5856,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (整数)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "初期値: 86400 (24 時間)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5869,7 +5889,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5880,7 +5900,7 @@ msgstr ""
- "ば _tcp にフォールバックします。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5891,27 +5911,27 @@ msgstr ""
- "quote> を使用するよう設定ファイルを移行することが推奨されます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr "初期値: システムの初期値、<filename>/etc/krb5.conf</filename> 参照。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -5920,12 +5940,12 @@ msgstr ""
- "します。この機能は MIT Kerberos >= 1.7 で利用可能です。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5935,7 +5955,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5946,12 +5966,12 @@ msgstr ""
- "manvolnum> </citerefentry> マニュアルページを参照ください。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -5960,7 +5980,7 @@ msgstr ""
- "す。以下の値が許容されます:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -5969,7 +5989,7 @@ msgstr ""
- "ンはサーバー側のパスワードポリシーを無効にできません。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5980,7 +6000,7 @@ msgstr ""
- "manvolnum></citerefentry> 形式の属性を使用します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5991,24 +6011,24 @@ msgstr ""
- "とき、これらの属性を更新するために chpass_provider=krb5 を使用します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr "自動参照追跡が有効化されるかを指定します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6017,7 +6037,7 @@ msgstr ""
- "sssd のみが参照追跡をサポートすることに注意してください。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6026,28 +6046,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "サービス検索が有効にされているときに使用するサービスの名前を指定します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "初期値: ldap"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6056,29 +6076,29 @@ msgstr ""
- "を検索するために使用するサービスの名前を指定します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "初期値: 設定されていません、つまりサービス検索が無効にされています"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -6094,12 +6114,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "例:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -6108,14 +6128,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -6124,17 +6144,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "初期値: 空白"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -6143,7 +6163,7 @@ msgstr ""
- "ます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -6154,12 +6174,12 @@ msgstr ""
- "否します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "以下の値が許可されます:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -6168,7 +6188,7 @@ msgstr ""
- "ldap_user_shadow_expire の値を使用します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -6177,7 +6197,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -6188,7 +6208,7 @@ msgstr ""
- "ldap_ns_account_lock の値を使用します。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -6201,7 +6221,7 @@ msgstr ""
- "クセスが許可されます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -6209,23 +6229,23 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- "アクセス制御オプションのカンマ区切り一覧です。許可される値は次のとおりです:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: ldap_access_filter を使用します"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6235,14 +6255,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -6255,12 +6275,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: ldap_account_expire_policy を使用します"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -6270,7 +6290,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -6280,20 +6300,20 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -6302,44 +6322,44 @@ msgstr ""
- "authorizedService 属性を使用します"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: アクセス権を決めるために host 属性を使用します"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "初期値: filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr "値が複数使用されていると設定エラーになることに注意してください。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -6348,22 +6368,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -6372,12 +6392,12 @@ msgstr ""
- "ションが許容されます:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr "<emphasis>never</emphasis>: エイリアスが参照解決されません。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -6386,7 +6406,7 @@ msgstr ""
- "決されますが、検索のベースオブジェクトの位置を探すときはされません。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -6395,7 +6415,7 @@ msgstr ""
- "すときのみ参照解決されます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -6404,7 +6424,7 @@ msgstr ""
- "きも位置を検索するときも参照解決されます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -6413,19 +6433,19 @@ msgstr ""
- "して取り扱われます)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6436,7 +6456,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6444,36 +6464,29 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -6483,19 +6496,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page.  <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"SSSD ドメインに適用するすべての全体設定オプションを LDAP ドメインに適用しま"
--"す。完全な詳細は <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--"<manvolnum>5</manvolnum> </citerefentry> マニュアルページの <quote>ドメインセ"
--"クション</quote> を参照してください。  <placeholder type=\"variablelist\" id="
--"\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "SUDO オプション"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6503,19 +6511,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (整数)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -6524,17 +6532,17 @@ msgstr ""
- "ります"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "初期値: 21600 (6 時間)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (整数)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6542,14 +6550,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6559,24 +6567,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -6585,15 +6593,15 @@ msgstr ""
- "区切り一覧です。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -6602,17 +6610,17 @@ msgstr ""
- "ならば、このオプションは効果を持ちません。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "初期値: 指定なし"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -6621,7 +6629,7 @@ msgstr ""
- "アドレスの空白区切り一覧です。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -6629,38 +6637,38 @@ msgstr ""
- "このオプションが空白ならば、SSSD は自動的にアドレスを検索しようとします。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6672,59 +6680,59 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry> を参照してください"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "AUTOFS オプション"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "高度なオプション"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6733,22 +6741,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6757,14 +6765,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "例"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6775,7 +6783,7 @@ msgstr ""
- "す。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6788,27 +6796,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6824,13 +6832,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "注記"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -8432,7 +8440,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (論理値)"
- 
-@@ -8447,7 +8455,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -8465,12 +8473,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (整数)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8491,12 +8499,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "初期値: 1200 (秒)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8520,17 +8528,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8538,7 +8546,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8565,7 +8573,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (整数)"
- 
-@@ -8578,12 +8586,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8602,12 +8610,12 @@ msgid "Default: False (disabled)"
- msgstr "初期値: False (無効)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (論理値)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -8616,48 +8624,48 @@ msgstr ""
- "どうか。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8781,26 +8789,26 @@ msgstr ""
- "めに使用するベース DN に変換されます。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -10256,9 +10264,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (論理値)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -10268,19 +10294,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "初期値: 3600 (秒)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -10290,12 +10316,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "初期値: True"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -10306,7 +10332,7 @@ msgstr ""
- "AD プロバイダー固有のオプションのみ示してします。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -10330,7 +10356,7 @@ msgstr ""
- "ad_domain = example.com\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -10342,7 +10368,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -10350,7 +10376,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -10360,7 +10386,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -10874,16 +10900,10 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
--#| "debug messages will be sent to stderr."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"環境変数 SSSD_KRB5_LOCATOR_DEBUG に何らかの値が設定されていると、デバッグメッ"
--"セージが標準エラーに送られます。"
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -12030,20 +12050,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for "
--#| "more information on the locator plugin."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"位置情報プラグインの詳細は <citerefentry> "
--"<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> <manvolnum>8</"
--"manvolnum> </citerefentry> マニュアルページを参照ください。"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -14711,25 +14723,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of the IPA provider for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  For a detailed syntax reference, refer to "
--#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
--#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#| "citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
--"<manvolnum>8</manvolnum> </citerefentry> に対する IPA プロバイダーの設定を説"
--"明しています。詳細な構文の参考資料は <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルペー"
--"ジの <quote>ファイル形式</quote> を参照してください。"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -14758,10 +14757,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (整数)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -14775,10 +14772,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id,max_id (整数)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -14789,17 +14784,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "初期値: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (整数)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -14810,10 +14801,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "初期値: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15288,10 +15277,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (文字列)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -15310,10 +15297,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
-@@ -15322,14 +15307,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -15337,11 +15314,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"このマニュアルページは <citerefentry> <refentrytitle>sssd</refentrytitle> "
--"<manvolnum>8</manvolnum> </citerefentry> 向けの LDAP ドメインの設定を説明して"
--"います。詳細な構文については <citerefentry> <refentrytitle>sssd.conf</"
--"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> マニュアルページの "
--"<quote>ファイル形式</quote> セクションを参照してください。"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -16172,10 +16144,8 @@ msgstr "ldap_group_modify_timestamp (文字列)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (文字列)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -16393,10 +16363,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "サービスセクション"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -16637,10 +16605,8 @@ msgstr "初期値: sudoOrder"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "AUTOFS オプション"
-+msgstr ""
- 
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -16906,10 +16872,8 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (整数)"
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -17965,6 +17929,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "初期値: homeDirectory"
-diff --git a/src/man/po/lv.po b/src/man/po/lv.po
-index bd30342f9..fe1fe881a 100644
---- a/src/man/po/lv.po
-+++ b/src/man/po/lv.po
-@@ -7,9 +7,9 @@
- # Kristaps, 2012
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:00+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Latvian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -297,9 +297,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -319,16 +319,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -357,7 +357,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Noklusējuma: 10"
- 
-@@ -655,8 +655,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -765,10 +765,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: sha256"
--msgstr "Noklusējuma: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1738,7 +1736,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1802,7 +1800,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1867,8 +1865,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5037,34 +5035,53 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5072,14 +5089,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5087,17 +5104,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5107,12 +5124,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5120,17 +5137,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5138,7 +5168,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5149,7 +5179,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5158,7 +5188,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5166,26 +5196,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5193,7 +5223,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5201,7 +5231,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5209,41 +5239,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5252,32 +5282,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5285,24 +5315,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5310,17 +5340,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5331,24 +5361,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5359,12 +5389,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5377,7 +5407,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5389,17 +5419,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5407,49 +5437,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5457,28 +5487,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Noklusējuma: 86400 (24 stundas)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5490,7 +5520,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5498,7 +5528,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5506,39 +5536,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5548,7 +5578,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5556,26 +5586,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5583,7 +5613,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5591,31 +5621,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5624,56 +5654,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Noklusējuma: ldap"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5689,12 +5719,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Piemērs:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5703,14 +5733,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5719,24 +5749,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5744,19 +5774,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Atļautas šādas vērtības:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5765,7 +5795,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5773,7 +5803,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5782,7 +5812,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5790,22 +5820,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5815,14 +5845,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5835,12 +5865,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5850,7 +5880,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5860,63 +5890,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Noklusējuma: filtrēt"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5925,74 +5955,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6003,7 +6033,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6011,24 +6041,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6045,12 +6075,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6058,36 +6088,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6095,14 +6125,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6112,101 +6142,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6215,59 +6245,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "PAPLAŠINĀTĀS IESPĒJAS"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6276,22 +6306,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6300,14 +6330,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "PIEMĒRS"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6315,7 +6345,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6328,27 +6358,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6364,13 +6394,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "PIEZĪMES"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7900,7 +7930,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7915,7 +7945,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7930,12 +7960,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7956,12 +7986,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7985,17 +8015,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8003,7 +8033,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8030,7 +8060,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8043,12 +8073,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8067,60 +8097,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8234,26 +8264,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9693,9 +9723,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9705,19 +9751,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9727,12 +9773,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9740,7 +9786,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9755,7 +9801,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9764,7 +9810,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9772,7 +9818,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9782,7 +9828,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13874,10 +13920,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "noildze (vesels skaitlis)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13903,10 +13947,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Noklusējuma: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13922,10 +13964,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Noklusējuma: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -14420,10 +14460,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
-diff --git a/src/man/po/nl.po b/src/man/po/nl.po
-index e05315677..640b8933d 100644
---- a/src/man/po/nl.po
-+++ b/src/man/po/nl.po
-@@ -6,9 +6,9 @@
- # Wijnand Modderman-Lenstra <accounts-transifex@maze.io>, 2011
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:02+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Dutch (http://www.transifex.com/projects/p/sssd/language/"
-@@ -320,9 +320,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Standaard: true"
-@@ -342,16 +342,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -380,7 +380,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
- 
-@@ -559,10 +559,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "try_inotify (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "try_inotify (bool)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -578,21 +576,11 @@ msgstr "try_inotify (bool)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD houdt de stat van resolv.conf in de gaten om te zien wanneer de interne "
--"DNS-resolver bijgewerkt moet worden. Standaard wordt er geprobeerd om "
--"inotify te gebruiken en er wordt teruggevallen op iedere vijf seconden "
--"kijken of resolv.conf gewijzigd is als er geen inotify beschikbaar is."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -704,8 +692,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -814,10 +802,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 120"
- msgid "Default: sha256"
--msgstr "Standaard: 120"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1791,7 +1777,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Standaard: 0"
- 
-@@ -1855,7 +1841,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1920,8 +1906,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5093,34 +5079,55 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "reconnection_retries (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "reconnection_retries (numeriek)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5128,14 +5135,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5143,17 +5150,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5163,12 +5170,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5176,17 +5183,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5194,7 +5214,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5205,7 +5225,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5214,7 +5234,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5222,26 +5242,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5249,7 +5269,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5257,7 +5277,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5265,41 +5285,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5308,32 +5328,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5341,24 +5361,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5366,17 +5386,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5387,24 +5407,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5415,12 +5435,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5433,7 +5453,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5445,17 +5465,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5463,49 +5483,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5513,28 +5533,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5546,7 +5566,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5554,7 +5574,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5562,39 +5582,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5604,7 +5624,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5612,26 +5632,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5639,7 +5659,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5647,31 +5667,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5680,56 +5700,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5745,12 +5765,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5759,14 +5779,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5775,24 +5795,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5800,19 +5820,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5821,7 +5841,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5829,7 +5849,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5838,7 +5858,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5846,22 +5866,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5871,14 +5891,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5891,12 +5911,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5906,7 +5926,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5916,63 +5936,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5981,74 +6001,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6059,7 +6079,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6067,24 +6087,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6101,12 +6121,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6114,36 +6134,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6151,14 +6171,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6168,101 +6188,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6271,59 +6291,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6332,22 +6352,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6356,14 +6376,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6371,7 +6391,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6384,27 +6404,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6420,13 +6440,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7956,7 +7976,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7971,7 +7991,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7986,12 +8006,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8012,12 +8032,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8041,17 +8061,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8059,7 +8079,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8086,7 +8106,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8099,12 +8119,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8123,60 +8143,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8290,26 +8310,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9749,9 +9769,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "debug_timestamps (bool)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "debug_timestamps (bool)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9761,19 +9799,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9783,12 +9821,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9796,7 +9834,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9811,7 +9849,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9820,7 +9858,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9828,7 +9866,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9838,7 +9876,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13930,10 +13968,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccaches (integer)"
--msgstr "enum_cache_timeout (numeriek)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13947,10 +13983,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "enum_cache_timeout (numeriek)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -13961,17 +13995,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 64"
--msgstr "Standaard: 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "enum_cache_timeout (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "enum_cache_timeout (numeriek)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -13982,10 +14012,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 65536"
--msgstr "Standaard: 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15488,10 +15516,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "SERVICES SECTIE"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-diff --git a/src/man/po/pt.po b/src/man/po/pt.po
-index a7796f3b9..f4e972337 100644
---- a/src/man/po/pt.po
-+++ b/src/man/po/pt.po
-@@ -6,9 +6,9 @@
- # Miguel Sousa <migueljorgesousa@sapo.pt>, 2011
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:05+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Portuguese (http://www.transifex.com/projects/p/sssd/language/"
-@@ -315,9 +315,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -337,16 +337,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Padrão: false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -375,7 +375,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Padrão: 10"
- 
-@@ -554,10 +554,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "try_inotify (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "try_inotify (boolean)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -679,8 +677,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -789,10 +787,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: sha256"
--msgstr "Padrão: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1762,7 +1758,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1826,7 +1822,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Padrão: none"
- 
-@@ -1891,8 +1887,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5089,34 +5085,55 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "reconnection_retries (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "reconnection_retries (integer)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (integer)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Padrão: 1000"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5124,14 +5141,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5139,17 +5156,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5159,12 +5176,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5172,17 +5189,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_page_size (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_page_size (integer)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5190,7 +5222,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5201,7 +5233,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5210,7 +5242,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5218,19 +5250,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -5239,7 +5271,7 @@ msgstr ""
- "qualquer certificado de servidor."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5247,7 +5279,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5255,7 +5287,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5263,41 +5295,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Padrão: hard"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5306,32 +5338,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5339,24 +5371,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5364,17 +5396,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5385,24 +5417,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5413,12 +5445,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5431,7 +5463,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5443,17 +5475,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5461,50 +5493,50 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Padrão: false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Padrão: Sistema keytab, normalmente <filename>/etc/krb5.keytab</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5512,28 +5544,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (integer)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Padrão: 86400 (24 horas)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5545,7 +5577,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5553,7 +5585,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5561,39 +5593,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5603,7 +5635,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5611,26 +5643,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5638,7 +5670,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5646,31 +5678,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5679,56 +5711,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5744,12 +5776,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5758,14 +5790,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5774,24 +5806,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5799,19 +5831,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5820,7 +5852,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5828,7 +5860,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5837,7 +5869,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5845,22 +5877,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5870,14 +5902,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5890,12 +5922,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5905,7 +5937,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5915,63 +5947,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Padrão: filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5980,74 +6012,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6058,7 +6090,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6066,24 +6098,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6100,12 +6132,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6113,36 +6145,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6150,14 +6182,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6167,101 +6199,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6270,59 +6302,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "OPÇÕES AVANÇADAS"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (string)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6331,22 +6363,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6355,14 +6387,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EXEMPLO"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6370,7 +6402,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6383,27 +6415,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6419,13 +6451,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTAS"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7955,7 +7987,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7970,7 +8002,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7985,12 +8017,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -8011,12 +8043,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -8040,17 +8072,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8058,7 +8090,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8085,7 +8117,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8098,12 +8130,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8122,60 +8154,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8289,26 +8321,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9748,9 +9780,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (boolean)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9760,19 +9810,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9782,12 +9832,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Padrão: TRUE"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9795,7 +9845,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9810,7 +9860,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9819,7 +9869,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9827,7 +9877,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9837,7 +9887,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13949,10 +13999,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccaches (integer)"
--msgstr "ldap_page_size (integer)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -13966,10 +14014,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "min_id,max_id (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "min_id,max_id (integer)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -13980,17 +14026,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Padrão: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "ldap_page_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "ldap_page_size (integer)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -14001,10 +14043,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Padrão: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -14479,10 +14519,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (string)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -14501,10 +14539,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
-@@ -15296,10 +15332,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_search_base (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_search_base (string)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -15998,10 +16032,8 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout (integer)"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout (integer)"
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
-@@ -17029,6 +17061,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Padrão: homeDirectory"
-diff --git a/src/man/po/pt_BR.po b/src/man/po/pt_BR.po
-index 368e3beca..95d0fee52 100644
---- a/src/man/po/pt_BR.po
-+++ b/src/man/po/pt_BR.po
-@@ -2,9 +2,9 @@
- # Rodrigo de Araujo Sousa Fonseca <rodrigodearaujo@fedoraproject.org>, 2017. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2017-01-29 10:11+0000\n"
- "Last-Translator: Rodrigo de Araujo Sousa Fonseca "
- "<rodrigodearaujo@fedoraproject.org>\n"
-@@ -291,9 +291,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -313,16 +313,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -351,7 +351,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
- 
-@@ -649,8 +649,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -1730,7 +1730,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1794,7 +1794,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1859,8 +1859,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5029,34 +5029,53 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5064,14 +5083,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5079,17 +5098,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5099,12 +5118,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5112,17 +5131,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5130,7 +5162,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5141,7 +5173,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5150,7 +5182,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5158,26 +5190,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5185,7 +5217,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5193,7 +5225,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5201,41 +5233,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5244,32 +5276,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5277,24 +5309,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5302,17 +5334,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5323,24 +5355,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5351,12 +5383,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5369,7 +5401,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5381,17 +5413,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5399,49 +5431,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5449,28 +5481,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5482,7 +5514,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5490,7 +5522,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5498,39 +5530,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5540,7 +5572,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5548,26 +5580,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5575,7 +5607,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5583,31 +5615,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5616,56 +5648,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5681,12 +5713,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5695,14 +5727,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5711,24 +5743,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5736,19 +5768,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5757,7 +5789,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5765,7 +5797,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5774,7 +5806,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5782,22 +5814,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5807,14 +5839,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5827,12 +5859,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5842,7 +5874,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5852,63 +5884,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5917,74 +5949,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -5995,7 +6027,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6003,24 +6035,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6037,12 +6069,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6050,36 +6082,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6087,14 +6119,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6104,101 +6136,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6207,59 +6239,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6268,22 +6300,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6292,14 +6324,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6307,7 +6339,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6320,27 +6352,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6356,13 +6388,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7892,7 +7924,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7907,7 +7939,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7922,12 +7954,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7948,12 +7980,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7977,17 +8009,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -7995,7 +8027,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8022,7 +8054,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8035,12 +8067,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8059,60 +8091,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8226,26 +8258,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9685,9 +9717,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9697,19 +9745,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9719,12 +9767,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9732,7 +9780,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9747,7 +9795,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9756,7 +9804,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9764,7 +9812,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9774,7 +9822,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-diff --git a/src/man/po/ru.po b/src/man/po/ru.po
-index 2325daba0..79c0c1b77 100644
---- a/src/man/po/ru.po
-+++ b/src/man/po/ru.po
-@@ -6,9 +6,9 @@
- # Artyom Kunyov <artkun@guitarplayer.ru>, 2012
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:07+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Russian (http://www.transifex.com/projects/p/sssd/language/"
-@@ -296,9 +296,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -318,16 +318,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "По умолчанию: false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -356,7 +356,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "По умолчанию: 10"
- 
-@@ -654,8 +654,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -764,10 +764,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "По умолчанию: 5"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1737,7 +1735,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1801,7 +1799,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1866,8 +1864,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5036,34 +5034,55 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "reconnection_retries (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "попыток_соединения (целое число)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5071,14 +5090,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5086,17 +5105,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5106,12 +5125,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5119,17 +5138,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5137,7 +5169,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5148,7 +5180,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5157,7 +5189,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5165,26 +5197,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5192,7 +5224,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5200,7 +5232,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5208,41 +5240,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5251,32 +5283,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5284,24 +5316,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5309,17 +5341,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5330,24 +5362,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5358,12 +5390,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5376,7 +5408,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5388,17 +5420,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5406,49 +5438,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5456,28 +5488,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5489,7 +5521,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5497,7 +5529,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5505,39 +5537,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5547,7 +5579,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5555,26 +5587,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5582,7 +5614,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5590,31 +5622,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5623,56 +5655,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5688,12 +5720,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5702,14 +5734,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5718,24 +5750,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5743,19 +5775,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5764,7 +5796,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5772,7 +5804,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5781,7 +5813,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5789,22 +5821,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5814,14 +5846,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5834,12 +5866,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5849,7 +5881,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5859,63 +5891,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5924,74 +5956,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6002,7 +6034,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6010,24 +6042,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6044,12 +6076,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6057,36 +6089,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6094,14 +6126,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6111,101 +6143,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6214,59 +6246,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6275,22 +6307,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6299,14 +6331,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "ПРИМЕР"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6314,7 +6346,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6327,27 +6359,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6363,13 +6395,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7899,7 +7931,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7914,7 +7946,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7929,12 +7961,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7955,12 +7987,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7984,17 +8016,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8002,7 +8034,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8029,7 +8061,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8042,12 +8074,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8066,60 +8098,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8233,26 +8265,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9692,9 +9724,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9704,19 +9752,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9726,12 +9774,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9739,7 +9787,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9754,7 +9802,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9763,7 +9811,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9771,7 +9819,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9781,7 +9829,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13900,10 +13948,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 64"
--msgstr "По умолчанию: 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13919,10 +13965,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 65536"
--msgstr "По умолчанию: 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -16939,6 +16983,3 @@ msgstr ""
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr ""
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "По умолчанию: homeDirectory"
-diff --git a/src/man/po/sssd-docs.pot b/src/man/po/sssd-docs.pot
-index fac55fd72..d8bcf2ee5 100644
---- a/src/man/po/sssd-docs.pot
-+++ b/src/man/po/sssd-docs.pot
-@@ -8,7 +8,7 @@ msgid ""
- msgstr ""
- "Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:29+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:39+0100\n"
- "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
- "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
- "Language-Team: LANGUAGE <LL@li.org>\n"
-@@ -254,7 +254,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070 sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
-+#: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646 sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746 sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105 sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326 sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191 sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
- 
-@@ -271,12 +271,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980 sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
-+#: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825 sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305 sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015 sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444 sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028 include/autofs_attributes.xml:1
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479 sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330 sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646 sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873 sssd-ldap-attributes.5.xml:970 sssd-ldap-attributes.5.xml:1028 include/autofs_attributes.xml:1
- msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
- 
-@@ -299,7 +299,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320 sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
- 
-@@ -599,7 +599,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720 sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755 sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918 sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590 sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470 sssd-ldap-attributes.5.xml:959 include/ldap_id_mapping.xml:205 include/ldap_id_mapping.xml:216
- msgid "Default: not set"
- msgstr ""
- 
-@@ -1672,7 +1672,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1733,7 +1733,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 sssd-ldap.5.xml:1039
-+#: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427 sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095 sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1798,7 +1798,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575 sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504 include/ldap_id_mapping.xml:244
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594 sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033 include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
- 
-@@ -4964,34 +4964,53 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single "
- "request. Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -4999,7 +5018,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use "
-@@ -5007,7 +5026,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5015,17 +5034,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5035,12 +5054,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5048,17 +5067,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5066,7 +5098,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to "
- "0. Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5077,7 +5109,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5086,7 +5118,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5094,26 +5126,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5121,7 +5153,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5129,7 +5161,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5137,41 +5169,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in "
- "<filename>/etc/openldap/ldap.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5180,32 +5212,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5213,24 +5245,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem "
- "class=\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5238,17 +5270,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5259,24 +5291,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5287,12 +5319,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5305,7 +5337,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5317,17 +5349,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5335,49 +5367,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5385,29 +5417,29 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is "
- "used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of "
-@@ -5419,7 +5451,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5427,7 +5459,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of "
- "SSSD. While the legacy name is recognized for the time being, users are "
-@@ -5436,39 +5468,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5478,7 +5510,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> "
- "<refentrytitle>sssd_krb5_locator_plugin</refentrytitle> "
-@@ -5487,26 +5519,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client "
- "side. The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use "
- "<citerefentry><refentrytitle>shadow</refentrytitle> "
-@@ -5515,7 +5547,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5523,31 +5555,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5556,56 +5588,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5622,12 +5654,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5636,14 +5668,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5652,24 +5684,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5677,19 +5709,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5698,7 +5730,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, "
- "<emphasis>389ds</emphasis>: use the value of ldap_ns_account_lock to check "
-@@ -5706,7 +5738,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5715,7 +5747,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option "
- "<emphasis>must</emphasis> include <quote>expire</quote> in order for the "
-@@ -5723,22 +5755,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5748,7 +5780,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the "
- "<quote>ppolicy</quote> option and might be removed in a future release.  "
-@@ -5756,7 +5788,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5769,12 +5801,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5784,7 +5816,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5794,38 +5826,38 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control "
-@@ -5833,24 +5865,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5859,74 +5891,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -5937,7 +5969,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -5945,24 +5977,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -5979,12 +6011,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -5992,36 +6024,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval "
- "</emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6029,14 +6061,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6046,100 +6078,100 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563 sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598 sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is "
- "<emphasis>false</emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6148,59 +6180,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6209,22 +6241,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6233,12 +6265,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:130 sssd-session-recording.5.xml:144
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843 sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98 sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6246,7 +6278,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6259,24 +6291,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139 sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139 sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613 sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150 include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6292,12 +6324,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148 sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7831,7 +7863,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7846,7 +7878,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7861,12 +7893,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7887,12 +7919,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7916,17 +7948,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -7934,7 +7966,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -7962,7 +7994,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -7975,12 +8007,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -7999,60 +8031,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8166,26 +8198,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
- 
-@@ -9622,9 +9654,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9634,19 +9682,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9656,12 +9704,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and "
- "example.com is one of the domains in the <replaceable>[sssd]</replaceable> "
-@@ -9669,7 +9717,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9684,7 +9732,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9693,7 +9741,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9701,7 +9749,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9711,7 +9759,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-diff --git a/src/man/po/sv.po b/src/man/po/sv.po
-index edd640ae9..27f4ddb41 100644
---- a/src/man/po/sv.po
-+++ b/src/man/po/sv.po
-@@ -2,9 +2,9 @@
- # Göran Uddeborg <goeran@uddeborg.se>, 2019. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2019-11-11 02:33+0000\n"
- "Last-Translator: Göran Uddeborg <goeran@uddeborg.se>\n"
- "Language-Team: Swedish\n"
-@@ -344,9 +344,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Standard: true"
-@@ -368,16 +368,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Standard: false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -409,7 +409,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Standard: 10"
- 
-@@ -619,10 +619,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (boolean)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -638,21 +636,11 @@ msgstr "try_inotify (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD övervakar tillståndet hos resolv.conf för att identifiera när den "
--"behöver uppdatera sin interna DNS-uppslagning.  Som standard kommer vi "
--"försöka använda inotify till detta, och kommer falla tillbaka på att polla "
--"resolv.conf var femte sekund om inotify inte kan användas."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:344
-@@ -770,13 +758,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -787,16 +768,10 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Observera att om detta alternativ anges måste alla användare från den "
--"primära domänen använda sitt fullständigt kvalificerade namn, t.ex. "
--"användare@domän.namn, för att logga in.  Att ange detta alternativ ändrar "
--"standardet på use_fully_qualified_names till True.  Det är inte tillåtet att "
--"använda detta alternativ  tillsammans med use_fully_qualified_names satt "
--"till False."
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -866,10 +841,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:483
--#, fuzzy
--#| msgid "no_ocsp"
- msgid "soft_ocsp"
--msgstr "no_ocsp"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:485 sssd.conf.5.xml:585
-@@ -919,10 +892,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Standard: 5"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -2097,7 +2068,7 @@ msgstr ""
- "<emphasis>pwd_expiration_warning</emphasis> för en viss domän."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Standard: 0"
- 
-@@ -2174,7 +2145,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Standard: none"
- 
-@@ -2251,8 +2222,8 @@ msgstr ""
- "autentiseringsprocessen är detta alternativ avaktiverat som standard."
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Default: False"
-@@ -2626,10 +2597,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (sträng)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2650,10 +2619,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Default: not set (blanka kommer inte ersättas)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -3312,13 +3279,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2263
--#, fuzzy
--#| msgid ""
--#| "This option specifies the maximum allowed number of nested containers."
- msgid "This option is automatically inherited for all trusted domains."
- msgstr ""
--"Detta alternativ specificerar det maximala antalet tillåtna nästlade "
--"behållare."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2267
-@@ -4531,13 +4493,6 @@ msgstr "hybrid"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3205
--#, fuzzy
--#| msgid ""
--#| "A primary group is autogenerated for user entries whose UID and GID "
--#| "numbers have the same value and at the same time the GID number does not "
--#| "correspond to a real group object in LDAP If the values are the same, but "
--#| "the primary GID in the user entry is also used by a group object, the "
--#| "primary GID of the user resolves to that group object."
- msgid ""
- "A primary group is autogenerated for user entries whose UID and GID numbers "
- "have the same value and at the same time the GID number does not correspond "
-@@ -4545,11 +4500,6 @@ msgid ""
- "GID in the user entry is also used by a group object, the primary GID of the "
- "user resolves to that group object."
- msgstr ""
--"En primär grupp autogenereras för användarposter vars UID- och GID-nummer "
--"har samma värde och GID-numret på samma gång inte motsvarar ett verkligt "
--"gruppobjekt i LDAP.  Om värdena är samma, men det primära GID:t i "
--"användarposten även används av ett gruppobjekt slås användarens primära GID "
--"upp till det gruppobjektet. "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3218
-@@ -5291,22 +5241,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3693
--#, fuzzy
--#| msgid ""
--#| "With the growing number of authentication methods and the possibility "
--#| "that there are multiple ones for a single user the heuristic used by "
--#| "pam_sss to select the prompting might not be suitable for all use cases. "
--#| "To following options should provide a better flexibility here."
- msgid ""
- "With the growing number of authentication methods and the possibility that "
- "there are multiple ones for a single user the heuristic used by pam_sss to "
- "select the prompting might not be suitable for all use cases. The following "
- "options should provide a better flexibility here."
- msgstr ""
--"Med det växande antalet autentiseringsmetoder och möjligheten att det finns "
--"flera olika för en enskild användare kan det hända att heurestiken som "
--"används av pam_sss för att välja fråga inte är lämplig för alla "
--"användarfall.  Följande alternativ bör ge en bättre flexibilitet här."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:3705
-@@ -5364,19 +5304,11 @@ msgstr "single_prompt"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3730
--#, fuzzy
--#| msgid ""
--#| "boolean value, if True there will be only a single prompt using the value "
--#| "of first_prompt where it is expected that both factor are entered as a "
--#| "single string"
- msgid ""
- "boolean value, if True there will be only a single prompt using the value of "
- "first_prompt where it is expected that both factors are entered as a single "
- "string"
- msgstr ""
--"booleskt värde, om True kommer det bara vara en fråga som använder värdet på "
--"first_prompt där det förväntas att båda faktorerna matas in som en enda "
--"sträng"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3719
-@@ -5389,37 +5321,19 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3700
--#, fuzzy
--#| msgid ""
--#| "Each supported authentication method has it's own configuration sub-"
--#| "section under <quote>[prompting/...]</quote>. Currently there are: "
--#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#| "\"variablelist\" id=\"1\"/>"
- msgid ""
- "Each supported authentication method has its own configuration subsection "
- "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
- "\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/>"
- msgstr ""
--"Varje autentiseringsmetod som stödjs har sin ege konfigurationsundersektion "
--"under <quote>[prompting/…]</quote>.  För närvarande finns det: <placeholder "
--"type=\"variablelist\" id=\"0\"/> <placeholder type=\"variablelist\" id=\"1\"/"
--">"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3742
--#, fuzzy
--#| msgid ""
--#| "It is possible to add a sub-section for specific PAM services like e.g. "
--#| "<quote>[prompting/password/sshd]</quote> to individual change the "
--#| "prompting for this service."
- msgid ""
- "It is possible to add a subsection for specific PAM services, e.g. "
- "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
- "for this service."
- msgstr ""
--"Det är möjligt att lägga till en undersektion för specifika PAM-tjänster som "
--"t.ex. <quote>[prompting/password/sshd]</quote> för att ändra frågorna "
--"enskild för denna tjänst."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd.conf.5.xml:3749 idmap_sss.8.xml:43
-@@ -6200,17 +6114,38 @@ msgstr ""
- "(detta värde eller TGT-livslängden) användas."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Standard: 900 (15 minuter)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (heltal)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -6219,17 +6154,17 @@ msgstr ""
- "LDAP-servrar framtvingar en maximal gräns per begäran."
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Standard: 1000"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -6240,7 +6175,7 @@ msgstr ""
- "RootDSE men det inte är aktiverat eller inte fungerar som det skall."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -6250,7 +6185,7 @@ msgstr ""
- "den."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -6261,17 +6196,17 @@ msgstr ""
- "att några begäranden nekas."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Avaktivera Active Directory intervallhämtning."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -6287,12 +6222,12 @@ msgstr ""
- "medlemmar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -6303,17 +6238,40 @@ msgstr ""
- "detta alternativ är definierat av OpenLDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr "Standard: använd systemstandard (vanligen angivet i ldap.conf)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (heltal)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Vid kommunikation med en LDAP-server med SASL, ange den minsta "
-+"säkerhetsnivån som är nödvändig för att etablera förbindelsen.  Värdet på "
-+"detta alternativ är definierat av OpenLDAP."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -6324,7 +6282,7 @@ msgstr ""
- "individuellt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -6341,7 +6299,7 @@ msgstr ""
- "rootDSE-objektet."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -6354,7 +6312,7 @@ msgstr ""
- "OpenLDAP och Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -6365,12 +6323,12 @@ msgstr ""
- "oavsett denna inställning."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -6379,7 +6337,7 @@ msgstr ""
- "några.  Det kan anges som ett av följande värden:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -6388,7 +6346,7 @@ msgstr ""
- "några servercertifikat."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6399,7 +6357,7 @@ msgstr ""
- "tillhandahålls kommer det ignoreras och sessionen fortsätta normalt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6410,7 +6368,7 @@ msgstr ""
- "tillhandahålls avslutas sessionen omedelbart."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -6421,22 +6379,22 @@ msgstr ""
- "avslutas sessionen omedelbart."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = Samma som <quote>demand</quote>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Standard: hard"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -6445,7 +6403,7 @@ msgstr ""
- "<command>sssd</command> kommer godkänna."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -6454,12 +6412,12 @@ msgstr ""
- "openldap/ldap.conf</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -6473,32 +6431,32 @@ msgstr ""
- "namnen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr "Anger filen som innehåller certifikatet för klientens nyckel."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "Anger filen som innehåller klientens nyckel."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -6509,12 +6467,12 @@ msgstr ""
- "manvolnum></citerefentry> för formatet."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -6523,12 +6481,12 @@ msgstr ""
- "\"protocol\">tls</systemitem> för att skydda kanalen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -6539,18 +6497,18 @@ msgstr ""
- "förlita sig på ldap_user_uid_number och ldap_group_gid_number."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "För närvarande stödjer denna funktion endast Active Direcotory objectSID"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr "ldap_min_id, ldap_max_id (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6568,17 +6526,17 @@ msgstr ""
- "Underdomäner kan sedan välja andra intervall för att översätta ID:n."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr "Standard: inte satt (båda alternativen är satta till 0)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
-@@ -6587,7 +6545,7 @@ msgstr ""
- "GSSAPI och GSS-SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6603,12 +6561,12 @@ msgstr ""
- "conf</refentrytitle> <manvolnum>5</manvolnum></citerefentry> för detaljer."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6628,7 +6586,7 @@ msgstr ""
- "                            "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6648,17 +6606,17 @@ msgstr ""
- "keytab."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Standard: host/värdnamn@RIKE"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -6669,17 +6627,17 @@ msgstr ""
- "ignoreras detta alternativ."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Standard: värdet på krb5_realm."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6688,34 +6646,34 @@ msgstr ""
- "att ta fram värdnamnets kanoniska form under en SASL-bindning"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Standard: false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- "Ange den keytab som skall användas vid användning av SASL/GSSAPI/GSS-SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Standard: Systemets keytab, normalt <filename>/etc/krb5.keytab</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6726,29 +6684,29 @@ msgstr ""
- "eller GSS-SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- "Anger livslängden i sekunder på TGT:n om GSSAPI eller GSS-SPNEGO används."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Standard: 86400 (24 timmar)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6766,7 +6724,7 @@ msgstr ""
- "mer information, se avsnittet <quote>TJÄNSTEUPPTÄCKT</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6777,7 +6735,7 @@ msgstr ""
- "hittas."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6789,27 +6747,27 @@ msgstr ""
- "<quote>krb5_server</quote> istället."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr "Ange Kerberos-RIKE (för SASL/GSSAPI/GSS-SPNEGO aut)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr "Standard: Systemstandard, se <filename>/etc/krb5.conf</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6818,12 +6776,12 @@ msgstr ""
- "servern.  Denna funktion är tillgänglig med MIT Kerberos ≥ 1.7"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -6838,7 +6796,7 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -6849,12 +6807,12 @@ msgstr ""
- "om lokaliseringsinsticksmodulen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -6863,7 +6821,7 @@ msgstr ""
- "värden är tillåtna:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -6872,7 +6830,7 @@ msgstr ""
- "alternativ kan inte avaktivera lösenordspolicyer på serversidan."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -6883,7 +6841,7 @@ msgstr ""
- "manvolnum></citerefentry> för att utvärdera om lösenordet har gått ut."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -6894,7 +6852,7 @@ msgstr ""
- "chpass_provider=krb5 för att uppdatera dessa attribut när läsenordet ändras."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -6903,17 +6861,17 @@ msgstr ""
- "kommer den alltid gå före framför policyn som sätts med detta alternativ."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr "Anger huruvida automatisk uppföljning av referenser skall aktiveras."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -6922,7 +6880,7 @@ msgstr ""
- "kompilerad med OpenLDAP version 2.4.13 eller senare."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -6935,28 +6893,28 @@ msgstr ""
- "alternativ till falskt medföra en märkbar prestandaförbättring."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Anger tjänstenamnet som skall användas när tjänsteupptäckt är aktiverat."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Standard: ldap"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -6965,17 +6923,17 @@ msgstr ""
- "lösenordsändringar när tjänsteupptäckte är aktiverat."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "Standard: inte satt, d.v.s. tjänsteupptäckt är avaktiverat"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -6984,12 +6942,12 @@ msgstr ""
- "dagar sedan epoken efter en ändring av lösenord."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -7017,12 +6975,12 @@ msgstr ""
- "manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Exempel:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -7034,7 +6992,7 @@ msgstr ""
- "                        "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -7043,7 +7001,7 @@ msgstr ""
- "användare vars attribut employeeType är satt till ”admin”."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -7056,17 +7014,17 @@ msgstr ""
- "fortsätta ges åtkomst under frånkoppling, och vice versa."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Standard: Empty"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -7075,7 +7033,7 @@ msgstr ""
- "åtkomststyrningsattribut aktiveras."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -7086,12 +7044,12 @@ msgstr ""
- "felkod även om lösenordet är korrekt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Följande värden är tillåtna:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -7100,7 +7058,7 @@ msgstr ""
- "att avgöra om kontot har gått ut."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -7113,7 +7071,7 @@ msgstr ""
- "kontot kontrolleras också."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -7124,7 +7082,7 @@ msgstr ""
- "tillåts eller inte."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -7137,7 +7095,7 @@ msgstr ""
- "åtkomst."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -7148,23 +7106,23 @@ msgstr ""
- "ldap_account_expire_policy skall fungera."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- "Kommaseparerad lista över åtkomststyrningsalternativ.  Tillåtna värden är:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: använd ldap_access_filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7179,7 +7137,7 @@ msgstr ""
- "fungera."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
-@@ -7189,7 +7147,7 @@ msgstr ""
- "emphasis>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7210,12 +7168,12 @@ msgstr ""
- "måste vara satt för att denna funktion skall fungera."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr "<emphasis>expire</emphasis>: använd ldap_account_expire_policy"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -7230,7 +7188,7 @@ msgstr ""
- "exempel SSH-nycklar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -7244,7 +7202,7 @@ msgstr ""
- "pwd_expire_policy_renew – användaren ombeds ändra sitt lösenord omedelbart."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-@@ -7252,7 +7210,7 @@ msgstr ""
- "meddelande av SSSD."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
-@@ -7262,7 +7220,7 @@ msgstr ""
- "lämplig lösenordspolicy."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -7271,13 +7229,13 @@ msgstr ""
- "för att avgöra åtkomst"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: använd attributet host för att avgöra åtkomst"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
-@@ -7286,7 +7244,7 @@ msgstr ""
- "fjärrvärdar kan få åtkomst"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
-@@ -7296,12 +7254,12 @@ msgstr ""
- "åtkomstkontroll aktiveras"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Standard: filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -7310,12 +7268,12 @@ msgstr ""
- "gång."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -7328,22 +7286,22 @@ msgstr ""
- "LDAP-servern inte kan kontrolleras ordentligt. "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Exempel: cn=ppolicy,ou=policies,dc=exempel,dc=se"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr "Standard: cn=ppolicy,ou=policies,$ldap_search_base"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -7352,12 +7310,12 @@ msgstr ""
- "alternativ är tillåtna:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr "<emphasis>never</emphasis>: Alias är aldrig derefererade."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -7366,7 +7324,7 @@ msgstr ""
- "basobjektet, men inte vid lokalisering basobjektet för sökningen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -7375,7 +7333,7 @@ msgstr ""
- "basobjektet för sökningen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -7384,7 +7342,7 @@ msgstr ""
- "lokalisering av basobjektet för sökningen."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -7393,12 +7351,12 @@ msgstr ""
- "klientbiblioteken)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -7407,7 +7365,7 @@ msgstr ""
- "servrar som använder schemat RFC2307."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -7424,7 +7382,7 @@ msgstr ""
- "via anrop av getpw*() eller initgroups()."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -7435,12 +7393,12 @@ msgstr ""
- "de lokala användarna med de extra LDAP-grupperna."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr "wildcard_limit (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
-@@ -7449,25 +7407,18 @@ msgstr ""
- "jokertecken."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- "För närvarande stödjer endast respondenten InfoPipe jockeruppslagningar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr "Standard: 1000 (ofta storleken på en sida)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -7477,19 +7428,14 @@ msgid ""
- "<refentrytitle>sssd-ldap-attributes</refentrytitle> <manvolnum>5</manvolnum> "
- "</citerefentry> manual page.  <placeholder type=\"variablelist\" id=\"0\"/>"
- msgstr ""
--"Alla de vanliga konfigurationsalternativen som gäller SSSD-domäner gäller "
--"även LDAP-domäner.  Se avsnittet <quote>DOMÄNSEKTIONER</quote> av "
--"manualsidan <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--"<manvolnum>5</manvolnum> </citerefentry> för fullständiga detaljer.  "
--"<placeholder type=\"variablelist\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "SUDOALTERNATIV"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -7500,12 +7446,12 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -7515,7 +7461,7 @@ msgstr ""
- "servern)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -7524,17 +7470,17 @@ msgstr ""
- "emphasis>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Standard: 21600 (6 timmar)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -7545,7 +7491,7 @@ msgstr ""
- "USN-värde som för närvarande är känt av SSSD)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -7554,7 +7500,7 @@ msgstr ""
- "istället."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -7570,12 +7516,12 @@ msgstr ""
- "<emphasis>ldap_connection_expire_timeout</emphasis>)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -7584,12 +7530,12 @@ msgstr ""
- "(genom användning av IPv4- och IPv6-värd-/-nätverksadresser och värdnamn)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -7598,7 +7544,7 @@ msgstr ""
- "domännamn som skall användas för att filtrera reglerna."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -7607,8 +7553,8 @@ msgstr ""
- "fullständigt kvalificerade domännamnet automatiskt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -7617,17 +7563,17 @@ msgstr ""
- "emphasis> har detta alternativ ingen effekt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Standard: inte angivet"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7636,7 +7582,7 @@ msgstr ""
- "skall användas för att filtrera reglerna."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7645,12 +7591,12 @@ msgstr ""
- "automatiskt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7659,12 +7605,12 @@ msgstr ""
- "attributet sudoHost."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7673,7 +7619,7 @@ msgstr ""
- "attributet sudoHost."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
-@@ -7682,7 +7628,7 @@ msgstr ""
- "LDAP-serversidan!"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7695,12 +7641,12 @@ msgstr ""
- "manvolnum> </citerefentry>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "AUTOFSALTERNATIV"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
-@@ -7708,47 +7654,47 @@ msgstr ""
- "Några av standardvärdena för parametrar nedan är beroende på LDAP-schemat."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "Namnet på automount master-kartan i LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Standard: auto.master"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "AVANCERADE ALTERNATIV"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7761,22 +7707,22 @@ msgstr ""
- "avaktivera denna funktion om gruppnamn inte visas korrekt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7789,14 +7735,14 @@ msgstr ""
- "\"variablelist\" id=\"1\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "EXEMPEL"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7806,7 +7752,7 @@ msgstr ""
- "till en av domänerna i avsnittet <replaceable>[domains]</replaceable>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7826,20 +7772,20 @@ msgstr ""
- "cache_credentials = true\n"
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr "LDAP-ÅTKOMSTFILTEREXEMPEL"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
-@@ -7848,7 +7794,7 @@ msgstr ""
- "ldap_access_order=lockout används."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -7874,13 +7820,13 @@ msgstr ""
- "cache_credentials = true\n"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "NOTER"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -9784,7 +9730,7 @@ msgstr ""
- "identifiera denna värd.  Värdnamnet måste vara fullständigt kvalificerat."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (boolean)"
- 
-@@ -9804,7 +9750,7 @@ msgstr ""
- "alternativet <quote>dyndns_iface</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -9824,12 +9770,12 @@ msgstr ""
- "använda <emphasis>dyndns_update</emphasis> i sin konfigurationsfil."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (heltal)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -9856,12 +9802,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Default: 1200 (sekunder)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -9894,17 +9840,17 @@ msgstr ""
- "förbindelsen"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr "Exempel: dyndns_iface = em1, vnet1, vnet2"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr "dyndns_auth (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -9915,7 +9861,7 @@ msgstr ""
- "sätta detta alternativ till ”none”."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr "Standard: GSS-TSIG"
- 
-@@ -9949,7 +9895,7 @@ msgstr ""
- "upptäckten används som backup-servrar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (heltal)"
- 
-@@ -9965,12 +9911,12 @@ msgstr ""
- "alternativ är valfritt och tillämpligt endast när dyndns_update är sann."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (bool)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -9993,12 +9939,12 @@ msgid "Default: False (disabled)"
- msgstr "Standard: False (avaktiverat)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (bool)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -10007,17 +9953,17 @@ msgstr ""
- "med DNS-servern."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr "Standard: False (låt nsupdate välja protokollet)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr "dyndns_server (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
-@@ -10026,7 +9972,7 @@ msgstr ""
- "flesta uppsättningar rekommenderas det att låta detta alternativ vara osatt."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
-@@ -10035,7 +9981,7 @@ msgstr ""
- "skild från identitetsservern."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
-@@ -10045,17 +9991,17 @@ msgstr ""
- "inställningar misslyckas."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr "Standard: Ingen (låt nsupdate välja servern)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr "dyndns_update_per_family (boolean)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -10183,12 +10129,12 @@ msgstr ""
- "till bas-DN:en för att användas när  LDAP-operationer utförs."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr "krb5_confd_path (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
-@@ -10197,7 +10143,7 @@ msgstr ""
- "för Kerberos."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
-@@ -10206,7 +10152,7 @@ msgstr ""
- "”none”."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -11252,19 +11198,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:359
--#, fuzzy
--#| msgid ""
--#| "GPO-based access control functionality uses GPO policy settings to "
--#| "determine whether or not a particular user is allowed to logon to a "
--#| "particular host."
- msgid ""
- "GPO-based access control functionality uses GPO policy settings to determine "
- "whether or not a particular user is allowed to logon to the host.  For more "
- "information on the supported policy settings please refer to the "
- "<quote>ad_gpo_map</quote> options."
- msgstr ""
--"GPO-baserad åtkomstkontrollsfunktionalitet använder GPO-policyinställningar "
--"för att avgöra huruvida en viss användare tillåts att logga på en viss värd."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:367
-@@ -11322,16 +11261,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:417
--#, fuzzy
--#| msgid ""
--#| "NOTE: If the operation mode is set to enforcing, it is possible that "
--#| "users that were previously allowed logon access will now be denied logon "
--#| "access (as dictated by the GPO policy settings). In order to facilitate a "
--#| "smooth transition for administrators, a permissive mode is available that "
--#| "will not enforce the access control rules, but will evaluate them and "
--#| "will output a syslog message if access would have been denied. By "
--#| "examining the logs, administrators can then make the necessary changes "
--#| "before setting the mode to enforcing."
- msgid ""
- "NOTE: If the operation mode is set to enforcing, it is possible that users "
- "that were previously allowed logon access will now be denied logon access "
-@@ -11344,14 +11273,6 @@ msgid ""
- "functions' is required (see <citerefentry> <refentrytitle>sssctl</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page)."
- msgstr ""
--"OBS: Om arbetsläget är satt till tvingande är det möjligt att användare som "
--"tidigare tilläts inloggningsåtkomst nu kommer att nekas inloggningsåtkomst "
--"(som det dikteras av GPO-policyinställningarna).  För att möjliggöra en "
--"smidig övergång för administratörer är ett tillåtande läge tillgängligt som "
--"inte kommer tvinga reglerna för åtkomstkontroll, men kommer beräkna dem och "
--"skriva ut ett syslog-meddelande om åtkomst skulle ha nekats.  Genom att "
--"granska loggarna kan administratörer sedan göra de nödvändiga ändringarna "
--"före de ställer in arbetsläget till tvingande."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:436
-@@ -12012,9 +11933,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr "Standard: 86400:750 (24h och 15m)"
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (boolean)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -12030,12 +11969,12 @@ msgstr ""
- "på annat sätt med alternativet <quote>dyndns_iface</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Standard: 3600 (sekunder)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
-@@ -12044,7 +11983,7 @@ msgstr ""
- "förbindelsen"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -12059,12 +11998,12 @@ msgstr ""
- "mindre än 60 ges kommer parametern endast anta det lägsta värdet."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Standard: True"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -12075,7 +12014,7 @@ msgstr ""
- "exempel visar endast alternativ som är specifika för leverantören AD."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -12099,7 +12038,7 @@ msgstr ""
- "ad_domain = exempel.se\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -12111,7 +12050,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -12122,7 +12061,7 @@ msgstr ""
- "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -12137,7 +12076,7 @@ msgstr ""
- "krypteringsdetaljer) manuellt."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -12754,16 +12693,10 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
--#| "applications will not use the fast in memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
- msgstr ""
--"Om miljövariabeln SSS_NSS_USE_MEMCACHE är satt till ”NO” kommer "
--"klientprogram inte använda den snabba cachen i minnet."
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
-@@ -14016,38 +13949,20 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:518
--#, fuzzy
--#| msgid ""
--#| "The krb5_kdcinfo_lookahead option contains two numbers seperated by a "
--#| "colon. The first number represents number of primary servers used and the "
--#| "second number specifies the number of backup servers."
- msgid ""
- "The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. "
- "The first number represents number of primary servers used and the second "
- "number specifies the number of backup servers."
- msgstr ""
--"Alternativet krb5_kdcinfo_lookahead innehåller två tal separerade av ett "
--"kolon.  Det första talet representerar antalet primärservrar som används och "
--"det andra talet anger antalet reservservrar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
--#| "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  but no backup "
--#| "servers."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> but no backup "
- "servers."
- msgstr ""
--"Till exempel betyder <emphasis>10:0</emphasis> att upp till 10 primärservrar "
--"kommer lämnas till<citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  men inga "
--"reservservrar."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -17121,21 +17036,11 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
- #: sssd-kcm.8.xml:61
--#, fuzzy
--#| msgid ""
--#| "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
--#| "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
--#| "citerefentry> secrets store, allowing the ccaches to survive KCM server "
--#| "restarts or machine reboots."
- msgid ""
- "the SSSD implementation stores the ccaches in a database, typically located "
- "at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to "
- "survive KCM server restarts or machine reboots."
- msgstr ""
--"SSSD-implementationen sparar ccache:rna i  SSSD:s hemlighetsförråd "
--"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
--"manvolnum> </citerefentry>, vilket gör att ccache:rna kan överleva att KCM-"
--"servern eller hela maskinen startas om."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:67
-@@ -17322,24 +17227,12 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the files provider for <citerefentry> "
--#| "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
--#| "citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
--#| "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"Denna manualsida besriver filleverantören till <citerefentry> "
--"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
--"citerefentry>.  För en detaljerad referens om syntaxen, se avsnittet "
--"<quote>FILFORMAT</quote> i manualsidan <citerefentry> <refentrytitle>sssd."
--"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -17373,10 +17266,8 @@ msgstr "Standard: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "max_secrets (integer)"
- msgid "max_ccaches (integer)"
--msgstr "max_secrets (heltal)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
-@@ -17390,10 +17281,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "max_uid_secrets (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "max_uid_secrets (heltal)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -17404,17 +17293,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Standard: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "max_payload_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "max_payload_size (heltal)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -17425,10 +17310,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Standard: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -17608,13 +17491,7 @@ msgstr "Känner av funktionen sdap_get_generic_ext_send()."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:152
--#, fuzzy, no-wrap
--#| msgid ""
--#| "base:string\n"
--#| "scope:integer\n"
--#| "filter:string\n"
--#| "probestr:string\n"
--#| "                        "
-+#, no-wrap
- msgid ""
- "base:string\n"
- "scope:integer\n"
-@@ -17623,11 +17500,6 @@ msgid ""
- "probestr:string\n"
- "                        "
- msgstr ""
--"base:sträng\n"
--"scope:heltal\n"
--"filter:sträng\n"
--"probestr:sträng\n"
--"                        "
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:161
-@@ -17657,10 +17529,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:176
--#, fuzzy
--#| msgid "probe sdap_deref_send"
- msgid "probe sdap_parse_entry"
--msgstr "testpunkt sdap_deref_send"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:179
-@@ -17671,24 +17541,17 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "filter:string\n"
--#| "                       "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- "                        "
- msgstr ""
--"filter:sträng\n"
--"                       "
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
--#, fuzzy
--#| msgid "probe dp_req_done"
- msgid "probe sdap_parse_entry_done"
--msgstr "testpunkt dp_req_done"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:193
-@@ -17976,10 +17839,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (sträng)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
-@@ -17998,28 +17859,16 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "SSSD LDAP-leverantör"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -18027,11 +17876,6 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"Denna manualsida beskriver beskriver konfigurationen av LDAP-domäner för "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>.  Se avsnittet <quote>FILFORMAT</quote> av manualsidan "
--"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--"manvolnum> </citerefentry> för detaljerad syntaxinformation."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
-@@ -18907,10 +18751,8 @@ msgstr "ldap_group_modify_timestamp (sträng)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (sträng)"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -19132,10 +18974,8 @@ msgstr "LDAP-attributet som innehåller UUID/GUID för ett LDAP-värdobjekt."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "TJÄNSTESEKTIONER"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -19380,10 +19220,8 @@ msgstr "Standard: sudoOrder"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "AUTOFSALTERNATIV"
-+msgstr ""
- 
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -19691,19 +19529,15 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout"
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
--#, fuzzy
--#| msgid "How long would SSSD talk to a single DNS server."
- msgid ""
- "Time in milliseconds that sets how long would SSSD talk to a single DNS "
- "server before trying next one."
--msgstr "Hur länge SSSD skall prata med en enskild DNS-server."
-+msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:90
-@@ -19749,13 +19583,6 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
- #: include/failover.xml:123
--#, fuzzy
--#| msgid ""
--#| "For LDAP-based providers, the resolve operation is performed as part of "
--#| "an LDAP connection operation. Therefore, also the "
--#| "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value "
--#| "than <quote>dns_resolver_timeout</quote> which in turn should be set to a "
--#| "larger value than <quote>dns_resolver_op_timeout</quote>."
- msgid ""
- "For LDAP-based providers, the resolve operation is performed as part of an "
- "LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
-@@ -19764,11 +19591,6 @@ msgid ""
- "value than <quote>dns_resolver_op_timeout</quote> which should be larger "
- "than <quote>dns_resolver_server_timeout</quote>."
- msgstr ""
--"För LDAP-baserade leverantörer utförs uppslagningsoperationen som en del av "
--"LDAP-anslutningsoperationen.  Därför skall även tidsgränsen "
--"<quote>ldap_opt_timeout></quote> sättas till ett större värde än "
--"<quote>dns_resolver_timeout</quote>  som i sin tur skall sättas till ett "
--"större värde än <quote>dns_resolver_op_timeout</quote>."
- 
- #. type: Content of: <refsect1><title>
- #: include/ldap_id_mapping.xml:2
-@@ -21008,93 +20830,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier"
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr "ldap_group_external_member = ipaExternalMember"
--
--#~ msgid ""
--#~ "The background refresh will process users, groups and netgroups in the "
--#~ "cache."
--#~ msgstr ""
--#~ "Bakgrundsuppdateringen kommer bearbeta användare, grupper och nätgrupper "
--#~ "i cachen."
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Standard: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (heltal)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the InteractiveLogonRight and "
--#~ "DenyInteractiveLogonRight policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna "
--#~ "InteractiveLogonRight och DenyInteractiveLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the RemoteInteractiveLogonRight and "
--#~ "DenyRemoteInteractiveLogonRight policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna "
--#~ "RemoteInteractiveLogonRight och DenyRemoteInteractiveLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the NetworkLogonRight and "
--#~ "DenyNetworkLogonRight policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna "
--#~ "NetworkLogonRight och DenyNetworkLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
--#~ "policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna BatchLogonRight "
--#~ "och DenyBatchLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the ServiceLogonRight and "
--#~ "DenyServiceLogonRight policy settings."
--#~ msgstr ""
--#~ "En kommaseparerad lista av PAM-tjänstenamn för vilka GPO-baserad "
--#~ "åtkomstkontroll beräknas baserat på policyinställningarna "
--#~ "ServiceLogonRight och DenyServiceLogonRight."
--
--#~ msgid ""
--#~ "The KCM service is configured in the <quote>kcm</quote> section of the "
--#~ "sssd.conf file. Please note that currently, is it not sufficient to "
--#~ "restart the sssd-kcm service, because the sssd configuration is only "
--#~ "parsed and read to an internal configuration database by the sssd "
--#~ "service. Therefore you must restart the sssd service if you change "
--#~ "anything in the <quote>kcm</quote> section of sssd.conf.  For a detailed "
--#~ "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
--#~ "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--#~ "manvolnum> </citerefentry> manual page."
--#~ msgstr ""
--#~ "Tjänsten KCM konfigureras i avsnittet <quote>kcm</quote> av filen sssd."
--#~ "conf file. Observera att för närvarande är det inte tillräckligt att "
--#~ "starta om tjänsten sssd-kcm, eftersom konfigurationen av sssd bara tolkas "
--#~ "och läses till en intern konfigurationsdatabas av tjänsten sssd. Därför "
--#~ "måste man starta om tjänsten sssd om man ändrar något i avsnittet "
--#~ "<quote>kcm</quote> av sssd.conf.  för en detaljerad syntaxreferens, se "
--#~ "avsnittet <quote>FILFORMAT</quote> manualsidan <citerefentry> "
--#~ "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--#~ "citerefentry>."
-diff --git a/src/man/po/tg.po b/src/man/po/tg.po
-index d723e7aa1..079c73eca 100644
---- a/src/man/po/tg.po
-+++ b/src/man/po/tg.po
-@@ -5,9 +5,9 @@
- # Translators:
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:10+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Tajik (http://www.transifex.com/projects/p/sssd/language/"
-@@ -294,9 +294,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Пешфарз: true"
-@@ -316,16 +316,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Пешфарз: false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -354,7 +354,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Пешфарз: 10"
- 
-@@ -652,8 +652,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -762,10 +762,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Пешфарз: 5"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1735,7 +1733,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Пешфарз: 0"
- 
-@@ -1799,7 +1797,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1864,8 +1862,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5034,34 +5032,53 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5069,14 +5086,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5084,17 +5101,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5104,12 +5121,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5117,17 +5134,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5135,7 +5165,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5146,7 +5176,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5155,7 +5185,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5163,26 +5193,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5190,7 +5220,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5198,7 +5228,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5206,41 +5236,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5249,32 +5279,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5282,24 +5312,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5307,17 +5337,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5328,24 +5358,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5356,12 +5386,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5374,7 +5404,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5386,17 +5416,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5404,49 +5434,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Пешфарз: false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5454,28 +5484,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5487,7 +5517,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5495,7 +5525,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5503,39 +5533,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5545,7 +5575,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5553,26 +5583,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5580,7 +5610,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5588,31 +5618,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5621,56 +5651,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5686,12 +5716,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Намуна:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5700,14 +5730,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5716,24 +5746,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5741,19 +5771,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5762,7 +5792,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5770,7 +5800,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5779,7 +5809,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5787,22 +5817,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5812,14 +5842,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5832,12 +5862,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5847,7 +5877,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5857,63 +5887,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5922,74 +5952,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6000,7 +6030,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6008,24 +6038,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6042,12 +6072,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6055,36 +6085,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6092,14 +6122,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6109,101 +6139,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6212,59 +6242,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6273,22 +6303,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6297,14 +6327,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "НАМУНА"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6312,7 +6342,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6325,27 +6355,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6361,13 +6391,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "ЭЗОҲҲО"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7897,7 +7927,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7912,7 +7942,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7927,12 +7957,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7953,12 +7983,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7982,17 +8012,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8000,7 +8030,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8027,7 +8057,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8040,12 +8070,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8064,60 +8094,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8231,26 +8261,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9690,9 +9720,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9702,19 +9748,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9724,12 +9770,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9737,7 +9783,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9752,7 +9798,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9761,7 +9807,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9769,7 +9815,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9779,7 +9825,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13898,10 +13944,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Пешфарз: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13917,10 +13961,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Пешфарз: 6"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-diff --git a/src/man/po/uk.po b/src/man/po/uk.po
-index 16d288464..1c706cc16 100644
---- a/src/man/po/uk.po
-+++ b/src/man/po/uk.po
-@@ -12,10 +12,10 @@
- # Yuri Chornoivan <yurchor@ukr.net>, 2019. #zanata
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
--"PO-Revision-Date: 2019-06-14 04:59+0000\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
-+"PO-Revision-Date: 2019-12-03 01:50+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Ukrainian (http://www.transifex.com/projects/p/sssd/language/"
- "uk/)\n"
-@@ -362,9 +362,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr "Типове значення: true"
-@@ -387,16 +387,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr "Типове значення: false"
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -429,7 +429,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr "Типове значення: 10"
- 
-@@ -642,10 +642,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:322
--#, fuzzy
--#| msgid "krb5_use_kdcinfo (boolean)"
- msgid "monitor_resolv_conf (boolean)"
--msgstr "krb5_use_kdcinfo (булеве значення)"
-+msgstr "monitor_resolv_conf (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:325
-@@ -653,6 +651,8 @@ msgid ""
- "Controls if SSSD should monitor the state of resolv.conf to identify when it "
- "needs to update its internal DNS resolver."
- msgstr ""
-+"Керує тим, чи SSSD має спостерігати за станом resolv.conf для визначення "
-+"моменту, коли слід оновити дані вбудованого інструмента визначення DNS."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:335
-@@ -661,20 +661,13 @@ msgstr "try_inotify (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:338
--#, fuzzy
--#| msgid ""
--#| "SSSD monitors the state of resolv.conf to identify when it needs to "
--#| "update its internal DNS resolver. By default, we will attempt to use "
--#| "inotify for this, and will fall back to polling resolv.conf every five "
--#| "seconds if inotify cannot be used."
- msgid ""
- "By default, SSSD will attempt to use inotify to monitor configuration files "
- "changes and will fall back to polling every five seconds if inotify cannot "
- "be used."
- msgstr ""
--"SSSD спостерігає за станом resolv.conf для визначення моменту, коли слід "
--"оновити дані вбудованого інструменту визначення DNS. Типово, з цією метою "
--"використовується inotify. У разі неможливості використання inotify, "
-+"Типово, з метою спостереження за змінами у файлах налаштувань SSSD "
-+"намагається використати inotify. Якщо використати inotify не вдається, "
- "виконуватиметься опитування resolv.conf кожні п’ять секунд."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
-@@ -794,13 +787,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:420
--#, fuzzy
--#| msgid ""
--#| "Please note that if this option is set all users from the primary domain "
--#| "have to use their fully qualified name, e.g. user@domain.name, to log in. "
--#| "Setting this option changes default of use_fully_qualified_names to True. "
--#| "It is not allowed to use this option together with "
--#| "use_fully_qualified_names set to False."
- msgid ""
- "Please note that if this option is set all users from the primary domain "
- "have to use their fully qualified name, e.g. user@domain.name, to log in. "
-@@ -811,16 +797,20 @@ msgid ""
- "nss_files and therefore their output is not qualified even when the "
- "default_domain_suffix option is used."
- msgstr ""
--"Будь ласка, зауважте, що якщо встановлено цей параметр, для усіх "
--"користувачів із основного домену доведеться використовувати ім’я повністю, "
--"тобто користувач@назва.домену, для входу до системи. Встановлення цього "
--"параметра змінює типове значення use_fully_qualified_names на True. Цей "
--"параметр не можна використовувати у поєднанні із значенням "
--"use_fully_qualified_names рівним False."
-+"Будь ласка, зауважте, що якщо встановлено цей параметр, для входу до системи "
-+"усім користувачам із основного домену доведеться використовувати повне ім'я "
-+"користувача — користувач@назва.домену. Встановлення цього параметра змінює "
-+"типове значення параметра use_fully_qualified_names на True. Цей параметр не "
-+"можна використовувати у поєднанні із встановленням для параметра "
-+"use_fully_qualified_names значення False. Єдиним виключенням з цього правила "
-+"є домени із <quote>id_provider=files</quote>, для яких завжди виконується "
-+"спроба встановлення поведінки, як відповідає nss_files, а отже, виведені "
-+"імена для них не будуть повними, навіть якщо використано параметр "
-+"default_domain_suffix."
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -890,15 +880,13 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:483
--#, fuzzy
--#| msgid "no_ocsp"
- msgid "soft_ocsp"
--msgstr "no_ocsp"
-+msgstr "soft_ocsp"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:485 sssd.conf.5.xml:585
- msgid "(NSS Version) This option is ignored."
--msgstr ""
-+msgstr "(Версія для NSS) Цей параметр буде проігноровано."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:488
-@@ -908,11 +896,15 @@ msgid ""
- "authentication when the system is offline and the OCSP responder cannot be "
- "reached."
- msgstr ""
-+"(Версія для OpenSSL) Якщо не вдасться встановити з'єднання із відповідачем "
-+"OCSP, перевірку OCSP буде пропущено. Цим параметром слід користуватися для "
-+"того, щоб дозволити розпізнавання тоді, коли система працює автономно, отже "
-+"відповідач OCSP є недоступним."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:498
- msgid "ocsp_dgst"
--msgstr ""
-+msgstr "ocsp_dgst"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:500
-@@ -920,39 +912,41 @@ msgid ""
- "Digest (hash) function used to create the certificate ID for the OCSP "
- "request. Allowed values are:"
- msgstr ""
-+"Функція обчислення контрольної суми (хешу), яку буде використано для "
-+"створення ідентифікатора сертифіката для запиту OCSP. Можливі значення:"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:504
- msgid "sha1"
--msgstr ""
-+msgstr "sha1"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:505
- msgid "sha256"
--msgstr ""
-+msgstr "sha256"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:506
- msgid "sha384"
--msgstr ""
-+msgstr "sha384"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd.conf.5.xml:507
- msgid "sha512"
--msgstr ""
-+msgstr "sha512"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 5"
- msgid "Default: sha256"
--msgstr "Типове значення: 5"
-+msgstr "Типове значення: sha256"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
- msgid ""
- "(NSS Version) This option is ignored, because NSS uses sha1 unconditionally."
- msgstr ""
-+"(Версія для NSS) Цей параметр буде проігноровано, оскільки у NSS завжди "
-+"використовується sha1."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:518
-@@ -1059,7 +1053,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:583
- msgid "soft_crl"
--msgstr ""
-+msgstr "soft_crl"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:588
-@@ -1069,6 +1063,10 @@ msgid ""
- "allow authentication when the system is offline and the CRL cannot be "
- "renewed."
- msgstr ""
-+"(Версія для OpenSSL) Якщо строк дії списку відкликання сертифікатів (CRL) "
-+"вичерпано, перевірки CRL для відповідних сертифікатів буде проігноровано. "
-+"Цим параметром слід користуватися для уможливлення розпізнавання у системах, "
-+"які працюють у автономному режимі, коли оновлення CRL є неможливим."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:468
-@@ -2157,7 +2155,7 @@ msgstr ""
- "<emphasis>pwd_expiration_warning</emphasis> для окремого домену."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr "Типове значення: 0"
- 
-@@ -2236,7 +2234,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr "Типове значення: none"
- 
-@@ -2315,8 +2313,8 @@ msgstr ""
- "розпізнавання, типово таку сертифікацію вимкнено."
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr "Типове значення: False"
-@@ -2696,10 +2694,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1751
--#, fuzzy
--#| msgid "ldap_user_certificate (string)"
- msgid "ssh_use_certificate_matching_rules (string)"
--msgstr "ldap_user_certificate (рядок)"
-+msgstr "ssh_use_certificate_matching_rules (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1754
-@@ -2710,6 +2706,12 @@ msgid ""
- "comma separated list of mapping and matching rule names. All other rules "
- "will be ignored."
- msgstr ""
-+"Типово, відповідач SSH буде використовувати усі доступні правила "
-+"встановлення відповідності сертифікатів для фільтрування сертифікатів, тому "
-+"ключі SSH будуть створюватися лише на основі відповідних правилам "
-+"сертифікатів. За допомогою цього параметра можна обмежити перелік "
-+"використаних правил на основі списку назв правил прив'язки і відповідності, "
-+"відокремлених комами. Усі інші правила буде проігноровано."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1763
-@@ -2717,13 +2719,14 @@ msgid ""
- "If a non-existing rule name is given all rules will be ignored and all "
- "available certificates will be used to derive ssh keys."
- msgstr ""
-+"Якщо буде вказано назву правила, якого не існує, буде проігноровано усі "
-+"правила, а для створення ключів SSH буде використано усі доступні "
-+"сертифікати."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1768
--#, fuzzy
--#| msgid "Default: not set (spaces will not be replaced)"
- msgid "Default: not set, all found rules are used"
--msgstr "Типове значення: не встановлено (пробіли не замінятимуться)"
-+msgstr "Типове значення: не встановлено, буде використано усі знайдені правила"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
- #: sssd.conf.5.xml:1773
-@@ -3389,15 +3392,16 @@ msgid ""
- "user, typically ran at login)  operation in the past, both the user entry "
- "and the group membership are updated."
- msgstr ""
-+"Під час фонового оновлення виконуватиметься обробка записів користувачів, "
-+"груп та мережевих груп у кеші. для записів користувачів, для яких "
-+"виконувалися дії з ініціювання груп (отримання даних щодо участі користувача "
-+"у групах, які типово виконуються під час входу до системи), буде оновлено і "
-+"запис користувача, і дані щодо участі у групах."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2263
--#, fuzzy
--#| msgid ""
--#| "This option specifies the maximum allowed number of nested containers."
- msgid "This option is automatically inherited for all trusted domains."
--msgstr ""
--"Цей параметр визначає максимальну дозволену кількість вкладених контейнерів."
-+msgstr "Цей параметр автоматично успадковується для усіх довірених доменів."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:2267
-@@ -4646,13 +4650,6 @@ msgstr "hybrid"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3205
--#, fuzzy
--#| msgid ""
--#| "A primary group is autogenerated for user entries whose UID and GID "
--#| "numbers have the same value and at the same time the GID number does not "
--#| "correspond to a real group object in LDAP If the values are the same, but "
--#| "the primary GID in the user entry is also used by a group object, the "
--#| "primary GID of the user resolves to that group object."
- msgid ""
- "A primary group is autogenerated for user entries whose UID and GID numbers "
- "have the same value and at the same time the GID number does not correspond "
-@@ -5410,12 +5407,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3693
--#, fuzzy
--#| msgid ""
--#| "With the growing number of authentication methods and the possibility "
--#| "that there are multiple ones for a single user the heuristic used by "
--#| "pam_sss to select the prompting might not be suitable for all use cases. "
--#| "To following options should provide a better flexibility here."
- msgid ""
- "With the growing number of authentication methods and the possibility that "
- "there are multiple ones for a single user the heuristic used by pam_sss to "
-@@ -5484,11 +5475,6 @@ msgstr "single_prompt"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:3730
--#, fuzzy
--#| msgid ""
--#| "boolean value, if True there will be only a single prompt using the value "
--#| "of first_prompt where it is expected that both factor are entered as a "
--#| "single string"
- msgid ""
- "boolean value, if True there will be only a single prompt using the value of "
- "first_prompt where it is expected that both factors are entered as a single "
-@@ -5509,12 +5495,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3700
--#, fuzzy
--#| msgid ""
--#| "Each supported authentication method has it's own configuration sub-"
--#| "section under <quote>[prompting/...]</quote>. Currently there are: "
--#| "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#| "\"variablelist\" id=\"1\"/>"
- msgid ""
- "Each supported authentication method has its own configuration subsection "
- "under <quote>[prompting/...]</quote>. Currently there are: <placeholder type="
-@@ -5527,11 +5507,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.conf.5.xml:3742
--#, fuzzy
--#| msgid ""
--#| "It is possible to add a sub-section for specific PAM services like e.g. "
--#| "<quote>[prompting/password/sshd]</quote> to individual change the "
--#| "prompting for this service."
- msgid ""
- "It is possible to add a subsection for specific PAM services, e.g. "
- "<quote>[prompting/password/sshd]</quote> to individual change the prompting "
-@@ -6341,17 +6316,38 @@ msgstr ""
- "дії TGT)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr "Типове значення: 900 (15 хвилин)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+#, fuzzy
-+#| msgid "ldap_connection_expire_timeout (integer)"
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr "ldap_connection_expire_timeout (ціле значення)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr "ldap_page_size (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
-@@ -6361,17 +6357,17 @@ msgstr ""
- "один запит."
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr "Типове значення: 1000"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr "ldap_disable_paging (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -6382,7 +6378,7 @@ msgstr ""
- "RootDSE, але цю підтримку не увімкнено або вона не працює належним чином."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
-@@ -6392,7 +6388,7 @@ msgstr ""
- "підтримкою не можна скористатися."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -6403,17 +6399,17 @@ msgstr ""
- "це може призвести до відмови у виконанні запитів."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr "ldap_disable_range_retrieval (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr "Вимкнути отримання діапазону Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -6429,12 +6425,12 @@ msgstr ""
- "буде представлено як такі, у яких немає учасників."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr "ldap_sasl_minssf (ціле значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -6445,19 +6441,42 @@ msgstr ""
- "параметра визначається OpenLDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- "Типове значення: типове для системи значення (зазвичай, визначається у ldap."
- "conf)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+#, fuzzy
-+#| msgid "ldap_sasl_minssf (integer)"
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr "ldap_sasl_minssf (ціле значення)"
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+#, fuzzy
-+#| msgid ""
-+#| "When communicating with an LDAP server using SASL, specify the minimum "
-+#| "security level necessary to establish the connection. The values of this "
-+#| "option are defined by OpenLDAP."
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+"Під час обміну даними з сервером LDAP за допомогою SASL визначає мінімальний "
-+"рівень захисту, потрібний для встановлення з’єднання. Значення цього "
-+"параметра визначається OpenLDAP."
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr "ldap_deref_threshold (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -6469,7 +6488,7 @@ msgstr ""
- "виконуватиметься окремо."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -6487,7 +6506,7 @@ msgstr ""
- "rootDSE."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -6500,7 +6519,7 @@ msgstr ""
- "OpenLDAP та Active Directory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -6511,12 +6530,12 @@ msgstr ""
- "незалежно від використання цього параметра."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr "ldap_tls_reqcert (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
-@@ -6526,7 +6545,7 @@ msgstr ""
- "таких значень:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
-@@ -6535,7 +6554,7 @@ msgstr ""
- "жодних сертифікатів сервера."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6547,7 +6566,7 @@ msgstr ""
- "режимі."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -6558,7 +6577,7 @@ msgstr ""
- "надано помилковий сертифікат, негайно перервати сеанс."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -6569,22 +6588,22 @@ msgstr ""
- "перервати сеанс."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr "<emphasis>hard</emphasis> = те саме, що і <quote>demand</quote>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr "Типове значення: hard"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr "ldap_tls_cacert (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
-@@ -6593,7 +6612,7 @@ msgstr ""
- "розпізнаються <command>sssd</command>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
-@@ -6602,12 +6621,12 @@ msgstr ""
- "у <filename>/etc/openldap/ldap.conf</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr "ldap_tls_cacertdir (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -6620,32 +6639,32 @@ msgstr ""
- "<command>cacertdir_rehash</command>, якщо ця програма є доступною."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr "ldap_tls_cert (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr "Визначає файл, який містить сертифікат для ключа клієнта."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr "ldap_tls_key (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr "Визначає файл, у якому міститься ключ клієнта."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr "ldap_tls_cipher_suite (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -6657,12 +6676,12 @@ msgstr ""
- "<manvolnum>5</manvolnum></citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr "ldap_id_use_start_tls (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
-@@ -6671,12 +6690,12 @@ msgstr ""
- "class=\"protocol\">tls</systemitem> для захисту каналу."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr "ldap_id_mapping (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -6688,19 +6707,19 @@ msgstr ""
- "ldap_group_gid_number."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- "У поточній версії у цій можливості передбачено підтримку лише встановлення "
- "відповідності objectSID у ActiveDirectory."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr "ldap_min_id, ldap_max_id (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -6720,18 +6739,18 @@ msgstr ""
- "ідентифікаторів."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- "Типове значення: не встановлено (обидва параметри встановлено у значення 0)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr "ldap_sasl_mech (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
-@@ -6740,7 +6759,7 @@ msgstr ""
- "перевірено і передбачено підтримку лише механізмів GSSAPI та GSS-SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -6758,12 +6777,12 @@ msgstr ""
- "manvolnum></citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr "ldap_sasl_authid (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -6783,7 +6802,7 @@ msgstr ""
- "                            "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -6804,17 +6823,17 @@ msgstr ""
- "таблиці ключів."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr "Типове значення: вузол/назва_вузла@ОБЛАСТЬ"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr "ldap_sasl_realm (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -6826,17 +6845,17 @@ msgstr ""
- "проігноровано."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr "Типове значення: значення krb5_realm."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr "ldap_sasl_canonicalize (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
-@@ -6846,36 +6865,36 @@ msgstr ""
- "SASL."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr "Типове значення: false;"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr "ldap_krb5_keytab (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- "Визначає таблицю ключів, яку слід використовувати разом з SASL/GSSAPI/GSS-"
- "SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- "Типове значення: системна таблиця ключів, зазвичай <filename>/etc/krb5."
- "keytab</filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr "ldap_krb5_init_creds (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -6886,12 +6905,12 @@ msgstr ""
- "механізм GSSAPI або GSS-SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr "ldap_krb5_ticket_lifetime (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
-@@ -6899,17 +6918,17 @@ msgstr ""
- "SPNEGO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr "Типове значення: 86400 (24 години)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr "krb5_server, krb5_backup_server (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -6928,7 +6947,7 @@ msgstr ""
- "про виявлення служб можна дізнатися з розділу «ПОШУК СЛУЖБ»."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -6940,7 +6959,7 @@ msgstr ""
- "вдасться знайти."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -6951,30 +6970,30 @@ msgstr ""
- "варто перейти на використання «krb5_server» у файлах налаштувань."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr "krb5_realm (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- "Вказати область Kerberos (для розпізнавання за SASL/GSSAPI/GSS-SPNEGO)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- "Типове значення: типове значення системи, див. <filename>/etc/krb5.conf</"
- "filename>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr "krb5_canonicalize (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
-@@ -6984,12 +7003,12 @@ msgstr ""
- "версії MIT Kerberos >= 1.7"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr "krb5_use_kdcinfo (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -7004,7 +7023,7 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -7015,12 +7034,12 @@ msgstr ""
- "manvolnum> </citerefentry>, щоб дізнатися більше про додаток пошуку."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr "ldap_pwd_policy (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
-@@ -7029,7 +7048,7 @@ msgstr ""
- "використовувати такі значення:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
-@@ -7038,7 +7057,7 @@ msgstr ""
- "разі використання цього варіанта перевірку на боці сервера вимкнено не буде."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -7049,7 +7068,7 @@ msgstr ""
- "manvolnum></citerefentry> для визначення того, чи чинним є пароль."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -7060,7 +7079,7 @@ msgstr ""
- "скористайтеся chpass_provider=krb5 для оновлення цих атрибутів."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
-@@ -7070,18 +7089,18 @@ msgstr ""
- "встановленими за допомогою цього параметра."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr "ldap_referrals (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- "Визначає, чи має бути увімкнено автоматичне визначення напрямків пошуку."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
-@@ -7090,7 +7109,7 @@ msgstr ""
- "з версією OpenLDAP 2.4.13 або новішою версією."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -7104,28 +7123,28 @@ msgstr ""
- "«false» може значно пришвидшити роботу."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr "ldap_dns_service_name (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- "Визначає назву служби, яку буде використано у разі вмикання визначення служб."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr "Типове значення: ldap"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr "ldap_chpass_dns_service_name (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
-@@ -7134,17 +7153,17 @@ msgstr ""
- "уможливлює зміну паролів, у разі вмикання визначення служб."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr "Типове значення: не встановлено, тобто пошук служб вимкнено"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr "ldap_chpass_update_last_change (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
-@@ -7153,12 +7172,12 @@ msgstr ""
- "щодо кількості днів з часу виконання дії зі зміни пароля."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr "ldap_access_filter (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -7187,12 +7206,12 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr "Приклад:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -7204,7 +7223,7 @@ msgstr ""
- "                        "
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
-@@ -7213,7 +7232,7 @@ msgstr ""
- "employeeType встановлено у значення «admin»."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -7227,17 +7246,17 @@ msgstr ""
- "таких прав не було надано, у автономному режимі їх також не буде надано."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr "Типове значення: порожній рядок"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr "ldap_account_expire_policy (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
-@@ -7246,7 +7265,7 @@ msgstr ""
- "керування доступом на боці клієнта."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -7257,12 +7276,12 @@ msgstr ""
- "з відповідним кодом помилки, навіть якщо вказано правильний пароль."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr "Можна використовувати такі значення:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
-@@ -7271,7 +7290,7 @@ msgstr ""
- "визначити, чи завершено строк дії облікового запису."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -7284,7 +7303,7 @@ msgstr ""
- "Також буде перевірено, чи не вичерпано строк дії облікового запису."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -7295,7 +7314,7 @@ msgstr ""
- "ldap_ns_account_lock."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -7308,7 +7327,7 @@ msgstr ""
- "атрибутів, надати доступ."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -7319,24 +7338,24 @@ msgstr ""
- "користуватися параметром ldap_account_expire_policy."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr "ldap_access_order (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- "Список відокремлених комами параметрів керування доступом. Можливі значення "
- "списку:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr "<emphasis>filter</emphasis>: використовувати ldap_access_filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7351,7 +7370,7 @@ msgstr ""
- "для працездатності цієї можливості слід встановити «access_provider = ldap»."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
-@@ -7361,7 +7380,7 @@ msgstr ""
- "emphasis>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -7384,13 +7403,13 @@ msgstr ""
- "параметра слід встановити значення «access_provider = ldap»."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- "<emphasis>expire</emphasis>: використовувати ldap_account_expire_policy"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -7405,7 +7424,7 @@ msgstr ""
- "наприклад на ключах SSH."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -7420,7 +7439,7 @@ msgstr ""
- "негайно змінити пароль."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
-@@ -7428,7 +7447,7 @@ msgstr ""
- "від SSSD не надходитиме."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
-@@ -7438,7 +7457,7 @@ msgstr ""
- "параметра «ldap_pwd_policy» відповідні правила поводження із паролями."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
-@@ -7447,14 +7466,14 @@ msgstr ""
- "можливості доступу атрибут authorizedService"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- "<emphasis>host</emphasis>: за допомогою цього атрибута вузла можна визначити "
- "права доступу"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
-@@ -7463,7 +7482,7 @@ msgstr ""
- "того, чи матиме віддалений вузол доступ"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
-@@ -7473,12 +7492,12 @@ msgstr ""
- "керування доступом."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr "Типове значення: filter"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
-@@ -7487,12 +7506,12 @@ msgstr ""
- "використано декілька разів."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr "ldap_pwdlockout_dn (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -7506,22 +7525,22 @@ msgstr ""
- "можна буде перевірити належним чином."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr "Приклад: cn=ppolicy,ou=policies,dc=example,dc=com"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr "Типове значення: cn=ppolicy,ou=policies,$ldap_search_base"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr "ldap_deref (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
-@@ -7530,13 +7549,13 @@ msgstr ""
- "пошуку. Можливі такі варіанти:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- "<emphasis>never</emphasis>: ніколи не виконувати розіменування псевдонімів."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
-@@ -7546,7 +7565,7 @@ msgstr ""
- "пошуку."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
-@@ -7555,7 +7574,7 @@ msgstr ""
- "під час визначення місця основного об’єкта пошуку."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
-@@ -7564,7 +7583,7 @@ msgstr ""
- "час пошуку, так і під час визначення місця основного об’єкта пошуку."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
-@@ -7573,12 +7592,12 @@ msgstr ""
- "сценарієм <emphasis>never</emphasis>)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr "ldap_rfc2307_fallback_to_local_users (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
-@@ -7587,7 +7606,7 @@ msgstr ""
- "серверів, у яких використовується схема RFC2307."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -7605,7 +7624,7 @@ msgstr ""
- "користувачів за допомогою виклику getpw*() або initgroups()."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -7617,12 +7636,12 @@ msgstr ""
- "групами LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr "wildcard_limit (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
-@@ -7631,26 +7650,19 @@ msgstr ""
- "пошуку з використанням символів-замінників."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- "У поточній версії пошук із використанням символів-замінників передбачено "
- "лише для відповідача InfoPipe."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr "Типове значення: 1000 (часто розмір однієї сторінки)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap.5.xml:51
--#, fuzzy
--#| msgid ""
--#| "All of the common configuration options that apply to SSSD domains also "
--#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details.  "
--#| "<placeholder type=\"variablelist\" id=\"0\"/>"
- msgid ""
- "All of the common configuration options that apply to SSSD domains also "
- "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
-@@ -7663,16 +7675,19 @@ msgstr ""
- "Всі загальні параметри налаштування, які стосуються доменів SSSD, також "
- "стосуються і доменів LDAP. Зверніться до розділу «РОЗДІЛИ ДОМЕНІВ» сторінки "
- "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше.  "
--"<placeholder type=\"variablelist\" id=\"0\"/>"
-+"<manvolnum>5</manvolnum> </citerefentry>, щоб дізнатися більше. Зауважте, що "
-+"атрибути прив'язки до LDAP SSSD описано на сторінці підручника щодо "
-+"<citerefentry> <refentrytitle>sssd-ldap-attributes</refentrytitle> "
-+"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" "
-+"id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr "ПАРАМЕТРИ SUDO"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -7683,12 +7698,12 @@ msgstr ""
- "<manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr "ldap_sudo_full_refresh_interval (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
-@@ -7698,7 +7713,7 @@ msgstr ""
- "набір правил, що зберігаються на сервері."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
-@@ -7707,17 +7722,17 @@ msgstr ""
- "<emphasis>ldap_sudo_smart_refresh_interval </emphasis>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr "Типове значення: 21600 (6 годин)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr "ldap_sudo_smart_refresh_interval (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -7728,7 +7743,7 @@ msgstr ""
- "правил, USN яких перевищує найбільше значення сервера USN, яке відоме SSSD."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
-@@ -7737,7 +7752,7 @@ msgstr ""
- "дані атрибута modifyTimestamp."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -7753,12 +7768,12 @@ msgstr ""
- "emphasis>)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr "ldap_sudo_use_host_filter (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
-@@ -7768,12 +7783,12 @@ msgstr ""
- "назв вузлів)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr "ldap_sudo_hostnames (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
-@@ -7782,7 +7797,7 @@ msgstr ""
- "фільтрування списку правил."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
-@@ -7791,8 +7806,8 @@ msgstr ""
- "назву вузла та повну назву комп’ютера у домені у автоматичному режимі."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
-@@ -7801,17 +7816,17 @@ msgstr ""
- "<emphasis>false</emphasis>, цей параметр ні на що не впливатиме."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr "Типове значення: не вказано"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr "ldap_sudo_ip (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
-@@ -7820,7 +7835,7 @@ msgstr ""
- "правил."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
-@@ -7829,12 +7844,12 @@ msgstr ""
- "адресу у автоматичному режимі."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr "ldap_sudo_include_netgroups (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
-@@ -7843,12 +7858,12 @@ msgstr ""
- "мережеву групу (netgroup) у атрибуті sudoHost."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr "ldap_sudo_include_regexp (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
-@@ -7857,7 +7872,7 @@ msgstr ""
- "заміни у атрибуті sudoHost."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
-@@ -7866,7 +7881,7 @@ msgstr ""
- "для сервера LDAP!"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -7879,12 +7894,12 @@ msgstr ""
- "refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr "ПАРАМЕТРИ AUTOFS"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
-@@ -7893,47 +7908,47 @@ msgstr ""
- "LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr "ldap_autofs_map_master_name (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr "Назва основної карти автоматичного монтування у LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr "Типове значення: auto.master"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr "ДОДАТКОВІ ПАРАМЕТРИ"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr "ldap_netgroup_search_base (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr "ldap_user_search_base (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr "ldap_group_search_base (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr "<note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -7946,22 +7961,22 @@ msgstr ""
- "груп показуються неправильно."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr "</note>"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr "ldap_sudo_search_base (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr "ldap_autofs_search_base (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -7974,14 +7989,14 @@ msgstr ""
- "<placeholder type=\"variablelist\" id=\"1\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr "ПРИКЛАД"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -7992,7 +8007,7 @@ msgstr ""
- "<replaceable>[domains]</replaceable>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -8012,20 +8027,20 @@ msgstr ""
- "cache_credentials = true\n"
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr "ПРИКЛАД ФІЛЬТРА ДОСТУПУ LDAP"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
-@@ -8034,7 +8049,7 @@ msgstr ""
- "чином і використано ldap_access_order=lockout."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -8060,13 +8075,13 @@ msgstr ""
- "cache_credentials = true\n"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr "ЗАУВАЖЕННЯ"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -10001,7 +10016,7 @@ msgstr ""
- "цього вузла. Назву вузла слід вказувати повністю."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr "dyndns_update (булеве значення)"
- 
-@@ -10021,7 +10036,7 @@ msgstr ""
- "допомогою параметра «dyndns_iface»."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -10042,12 +10057,12 @@ msgstr ""
- "назву, <emphasis>dyndns_update</emphasis>, у файлі налаштувань."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr "dyndns_ttl (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -10074,12 +10089,12 @@ msgid "Default: 1200 (seconds)"
- msgstr "Типове значення: 1200 (секунд)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr "dyndns_iface (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -10112,17 +10127,17 @@ msgstr ""
- "для з’єднання LDAP IPA"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr "Приклад: dyndns_iface = em1, vnet1, vnet2"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr "dyndns_auth (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -10133,7 +10148,7 @@ msgstr ""
- "можна надсилати встановленням для цього параметра значення «none»."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr "Типове значення: GSS-TSIG"
- 
-@@ -10168,7 +10183,7 @@ msgstr ""
- "вважатимуться резервними серверами."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr "dyndns_refresh_interval (ціле число)"
- 
-@@ -10185,12 +10200,12 @@ msgstr ""
- "є обов’язкоми, його застосовують, лише якщо dyndns_update має значення true."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr "dyndns_update_ptr (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -10214,12 +10229,12 @@ msgid "Default: False (disabled)"
- msgstr "Типове значення: False (вимкнено)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr "dyndns_force_tcp (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
-@@ -10228,17 +10243,17 @@ msgstr ""
- "даними з сервером DNS."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr "Типове значення: False (надати змогу nsupdate вибирати протокол)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr "dyndns_server (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
-@@ -10248,7 +10263,7 @@ msgstr ""
- "параметра."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
-@@ -10257,7 +10272,7 @@ msgstr ""
- "DNS відрізняється від сервера профілів."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
-@@ -10267,17 +10282,17 @@ msgstr ""
- "невдало."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr "Типове значення: немає (надати nsupdate змогу вибирати сервер)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr "dyndns_update_per_family (булеве значення)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -10410,12 +10425,12 @@ msgstr ""
- "перетворено у основний DN для виконання дій LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr "krb5_confd_path (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
-@@ -10424,7 +10439,7 @@ msgstr ""
- "налаштувань Kerberos."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
-@@ -10433,7 +10448,7 @@ msgstr ""
- "значення «none»."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -11500,11 +11515,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:359
--#, fuzzy
--#| msgid ""
--#| "GPO-based access control functionality uses GPO policy settings to "
--#| "determine whether or not a particular user is allowed to logon to a "
--#| "particular host."
- msgid ""
- "GPO-based access control functionality uses GPO policy settings to determine "
- "whether or not a particular user is allowed to logon to the host.  For more "
-@@ -11513,7 +11523,9 @@ msgid ""
- msgstr ""
- "Функціональні можливості з керування доступом на основі GPO використовують "
- "параметри правил GPO для визначення того, може чи не може той чи інший "
--"користувач увійти до системи певного вузла мережі."
-+"користувач увійти до системи вузла мережі. Якщо вам потрібна докладніша "
-+"інформація щодо підтримуваних параметрів правил, зверніться до параметрів "
-+"<quote>ad_gpo_map</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:367
-@@ -11523,6 +11535,11 @@ msgid ""
- "S-1-5-32-544) in GPO access control rules will be ignored by SSSD.  See "
- "upstream issue tracker https://pagure.io/SSSD/sssd/issue/4099 ."
- msgstr ""
-+"Будь ласка, зверніть увагу на те, що у поточній версії SSSD не передбачено "
-+"підтримки вбудованих груп Active Directory. Вбудовані групи до правил "
-+"керування доступом на основі GPO (зокрема Administrators із SID "
-+"S-1-5-32-544) SSSD просто ігноруватиме. Див. запис системи стеження за "
-+"вадами https://pagure.io/SSSD/sssd/issue/4099 ."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:376
-@@ -11533,6 +11550,11 @@ msgid ""
- "a user, the user or at least one of the groups to which it belongs must have "
- "following permissions on the GPO:"
- msgstr ""
-+"Перед виконанням керування доступом SSSD застосовує захисне фільтрування на "
-+"основі правил груп до списку GPO. Для кожного входу користувача до системи "
-+"програма перевіряє застосовність GPO, які пов'язано із відповідним вузлом. "
-+"Щоб GPO можна було застосувати до користувача, користувач або принаймні одна "
-+"з груп, до яких він належить, повинен мати такі права доступу до GPO:"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd-ad.5.xml:386
-@@ -11540,6 +11562,8 @@ msgid ""
- "Read: The user or one of its groups must have read access to the properties "
- "of the GPO (RIGHT_DS_READ_PROPERTY)"
- msgstr ""
-+"Read: користувач або одна з його груп повинна мати доступ до читання "
-+"властивостей GPO (RIGHT_DS_READ_PROPERTY)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
- #: sssd-ad.5.xml:393
-@@ -11547,6 +11571,8 @@ msgid ""
- "Apply Group Policy: The user or at least one of its groups must be allowed "
- "to apply the GPO (RIGHT_DS_CONTROL_ACCESS)."
- msgstr ""
-+"Apply Group Policy: користувач або принаймні одна з його груп повинна мати "
-+"доступ до застосування GPO (RIGHT_DS_CONTROL_ACCESS)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:401
-@@ -11557,6 +11583,11 @@ msgid ""
- "and access control are started, the Authenticated Users group permissions on "
- "the GPO always apply also to the user."
- msgstr ""
-+"Типово, у GPO є група Authenticated Users, для якої встановлено одразу права "
-+"доступу Read та Apply Group Policy. Оскільки розпізнавання користувача має "
-+"бути успішно завершено до захисного фільтрування GPO і запуску керування "
-+"доступом, до облікового запису користувача завжди застосовуються права "
-+"доступу групи Authenticated Users щодо GPO."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:410
-@@ -11572,16 +11603,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:417
--#, fuzzy
--#| msgid ""
--#| "NOTE: If the operation mode is set to enforcing, it is possible that "
--#| "users that were previously allowed logon access will now be denied logon "
--#| "access (as dictated by the GPO policy settings). In order to facilitate a "
--#| "smooth transition for administrators, a permissive mode is available that "
--#| "will not enforce the access control rules, but will evaluate them and "
--#| "will output a syslog message if access would have been denied. By "
--#| "examining the logs, administrators can then make the necessary changes "
--#| "before setting the mode to enforcing."
- msgid ""
- "NOTE: If the operation mode is set to enforcing, it is possible that users "
- "that were previously allowed logon access will now be denied logon access "
-@@ -11603,7 +11624,10 @@ msgstr ""
- "відповідність цим правилам і виводитиме до системного журналу повідомлення, "
- "якщо доступ було надано усупереч цим правилам. Вивчення журналу надасть "
- "змогу адміністраторам внести відповідні зміни до встановлення примусового "
--"режиму (enforcing)."
-+"режиму (enforcing). Для запису до журналу даних керування доступом на основі "
-+"GPO потрібен рівень діагностики «trace functions» (див. сторінку підручника "
-+"<citerefentry> <refentrytitle>sssctl</refentrytitle> <manvolnum>8</"
-+"manvolnum> </citerefentry>)."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:436
-@@ -11728,6 +11752,19 @@ msgid ""
- "local access only, if it or at least one of its groups is part of the policy "
- "settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"InteractiveLogonRight і DenyInteractiveLogonRight. Виконуватиметься оцінка "
-+"лише тих GPO, до яких користувач має права доступу Read і Apply Group Policy "
-+"(див. параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із "
-+"оброблених GPO міститься параметр заборони інтерактивного входу до системи "
-+"для користувача або однієї з його груп, користувачеві буде заборонено "
-+"локальний доступ. Якщо для жодного із оброблених GPO немає визначеного права "
-+"на інтерактивний вхід до системи, користувачеві буде надано локальний "
-+"доступ. Якщо хоча б одному зі оброблених GPO містяться параметри прав на "
-+"інтерактивний вхід до системи, користувачеві буде надано лише локальний "
-+"доступ, якщо він або принаймні одна з його груп є частиною параметрів "
-+"правила."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:549
-@@ -11818,6 +11855,19 @@ msgid ""
- "settings, the user is granted remote access only, if it or at least one of "
- "its groups is part of the policy settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"RemoteInteractiveLogonRight і DenyRemoteInteractiveLogonRight. "
-+"Виконуватиметься оцінка лише тих GPO, до яких користувач має права доступу "
-+"Read і Apply Group Policy (див. параметр <quote>ad_gpo_access_control</"
-+"quote>). Якщо у якомусь із оброблених GPO міститься параметр заборони "
-+"віддаленого входу до системи для користувача або однієї з його груп, "
-+"користувачеві буде заборонено віддалений інтерактивний доступ. Якщо для "
-+"жодного із оброблених GPO немає визначеного права на віддалений вхід до "
-+"системи, користувачеві буде надано віддалений доступ. Якщо хоча б одному зі "
-+"оброблених GPO містяться параметри прав на віддалений вхід до системи, "
-+"користувачеві буде надано лише віддалений доступ, якщо він або принаймні "
-+"одна з його груп є частиною параметрів правила."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:657
-@@ -11890,6 +11940,19 @@ msgid ""
- "logon access only, if it or at least one of its groups is part of the policy "
- "settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"NetworkLogonRight і DenyNetworkLogonRight. Виконуватиметься оцінка лише тих "
-+"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. "
-+"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених "
-+"GPO міститься параметр заборони входу до системи за допомогою мережі для "
-+"користувача або однієї з його груп, користувачеві буде заборонено локальний "
-+"доступ. Якщо для жодного із оброблених GPO немає визначеного права на вхід "
-+"до системи за допомогою мережі, користувачеві буде надано доступ до входу. "
-+"Якщо хоча б одному зі оброблених GPO містяться параметри прав на вхід до "
-+"системи за допомогою мережі, користувачеві буде надано лише доступ до входу "
-+"до системи, якщо він або принаймні одна з його груп є частиною параметрів "
-+"правила."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:715
-@@ -11961,6 +12024,19 @@ msgid ""
- "settings, the user is granted logon access only, if it or at least one of "
- "its groups is part of the policy settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"BatchLogonRight і DenyBatchLogonRight. Виконуватиметься оцінка лише тих GPO, "
-+"до яких користувач має права доступу Read і Apply Group Policy (див. "
-+"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених "
-+"GPO міститься параметр заборони пакетного входу до системи для користувача "
-+"або однієї з його груп, користувачеві буде заборонено доступ до пакетного "
-+"входу до системи. Якщо для жодного із оброблених GPO немає визначеного права "
-+"на пакетний вхід до системи, користувачеві буде надано доступ до входу до "
-+"системи. Якщо хоча б одному зі оброблених GPO містяться параметри прав на "
-+"пакетний вхід до системи, користувачеві буде надано лише доступ до входу до "
-+"системи, якщо він або принаймні одна з його груп є частиною параметрів "
-+"правила."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:773
-@@ -12033,6 +12109,19 @@ msgid ""
- "logon access only, if it or at least one of its groups is part of the policy "
- "settings."
- msgstr ""
-+"Список назв служб PAM, відокремлених комами, для яких оцінки для керування "
-+"доступом на основі GPO виконуються на основі параметрів правил "
-+"ServiceLogonRight і DenyServiceLogonRight. Виконуватиметься оцінка лише тих "
-+"GPO, до яких користувач має права доступу Read і Apply Group Policy (див. "
-+"параметр <quote>ad_gpo_access_control</quote>). Якщо у якомусь із оброблених "
-+"GPO міститься параметр заборони входу до системи за допомогою служб для "
-+"користувача або однієї з його груп, користувачеві буде заборонено вхід до "
-+"системи за допомогою служб. Якщо для жодного із оброблених GPO немає "
-+"визначеного права на вхід до системи за допомогою служб, користувачеві буде "
-+"надано доступ до входу до системи. Якщо хоча б одному зі оброблених GPO "
-+"містяться параметри прав на вхід до системи за допомогою служб, "
-+"користувачеві буде надано лише доступ до входу до системи, якщо він або "
-+"принаймні одна з його груп є частиною параметрів правила."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:826
-@@ -12266,9 +12355,27 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr "Типове значення: 86400:750 (24 годин і 15 хвилин)"
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+#, fuzzy
-+#| msgid "ldap_id_use_start_tls (boolean)"
-+msgid "ad_use_ldaps (bool)"
-+msgstr "ldap_id_use_start_tls (булеве значення)"
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -12284,12 +12391,12 @@ msgstr ""
- "якщо цю адресу не було змінено за допомогою параметра «dyndns_iface»."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr "Типове значення: 3600 (секунд)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
-@@ -12298,7 +12405,7 @@ msgstr ""
- "для з’єднання LDAP AD"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -12315,12 +12422,12 @@ msgstr ""
- "значення."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr "Типове значення: True"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -12331,7 +12438,7 @@ msgstr ""
- "У прикладі продемонстровано лише параметри доступу, специфічні для засобу AD."
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -12355,7 +12462,7 @@ msgstr ""
- "ad_domain = example.com\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -12367,7 +12474,7 @@ msgstr ""
- "ldap_account_expire_policy = ad\n"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -12379,7 +12486,7 @@ msgstr ""
- "\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -12394,7 +12501,7 @@ msgstr ""
- "шифрування) вручну."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13029,10 +13136,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd.8.xml:259
--#, fuzzy
--#| msgid ""
--#| "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
--#| "applications will not use the fast in memory cache."
- msgid ""
- "If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
- "applications will not use the fast in-memory cache."
-@@ -14329,11 +14432,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:518
--#, fuzzy
--#| msgid ""
--#| "The krb5_kdcinfo_lookahead option contains two numbers seperated by a "
--#| "colon. The first number represents number of primary servers used and the "
--#| "second number specifies the number of backup servers."
- msgid ""
- "The krb5_kdcinfo_lookahead option contains two numbers separated by a colon. "
- "The first number represents number of primary servers used and the second "
-@@ -14345,12 +14443,6 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:524
--#, fuzzy
--#| msgid ""
--#| "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
--#| "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
--#| "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>.  but no backup "
--#| "servers."
- msgid ""
- "For example <emphasis>10:0</emphasis> means that up to 10 primary servers "
- "will be handed to <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
-@@ -14360,7 +14452,7 @@ msgstr ""
- "Наприклад, <emphasis>10:0</emphasis> означає «буде передано до 10 основних "
- "серверів до <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry>», але не буде "
--"передано резервні сервери."
-+"передано резервні сервери"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-krb5.5.xml:533
-@@ -17497,21 +17589,15 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
- #: sssd-kcm.8.xml:61
--#, fuzzy
--#| msgid ""
--#| "the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
--#| "<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
--#| "citerefentry> secrets store, allowing the ccaches to survive KCM server "
--#| "restarts or machine reboots."
- msgid ""
- "the SSSD implementation stores the ccaches in a database, typically located "
- "at <replaceable>/var/lib/sss/secrets</replaceable> allowing the ccaches to "
- "survive KCM server restarts or machine reboots."
- msgstr ""
--"реалізація у SSSD зберігає ccache-і у сховищі реєстраційних даних "
--"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
--"manvolnum> </citerefentry> SSSD, що надає змогу ccache-ам переживати "
--"перезапуски сервера KCM та перезавантаження комп'ютера."
-+"реалізація у SSSD зберігає дані ccache у базі даних, файл якої типово "
-+"називається <replaceable>/var/lib/sss/secrets</replaceable>. За допомогою "
-+"цього файла ccache зберігаються протягом періодів перезапуску сервера KCM "
-+"або перезавантаження комп'ютера."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:67
-@@ -17698,28 +17784,24 @@ msgid ""
- "after changing options in the <quote>kcm</quote> section of sssd.conf: "
- "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
-+"Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</"
-+"quote> файла sssd.conf. Будь ласка, зауважте, що оскільки активація служби "
-+"KCM, зазвичай, відбувається за допомогою сокетів, після внесення змін до "
-+"розділу <quote>kcm</quote> файла sssd.conf достатньо перезапустити службу "
-+"<quote>sssd-kcm</quote>: <placeholder type=\"programlisting\" id=\"0\"/>"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:175
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the files provider for <citerefentry> "
--#| "<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
--#| "citerefentry>.  For a detailed syntax reference, refer to the <quote>FILE "
--#| "FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
--#| "refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
- msgid ""
- "The KCM service is configured in the <quote>kcm</quote> For a detailed "
- "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
- "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
- "manvolnum> </citerefentry> manual page."
- msgstr ""
--"На цій сторінці довідника описано налаштування засобу обробки файлів для "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться "
--"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry>."
-+"Налаштування служби KCM виконують за допомогою <quote>kcm</quote>. Докладний "
-+"опис синтаксичних конструкцій налаштувань наведено у розділі <quote>ФОРМАТ "
-+"ФАЙЛА</quote> сторінки підручника щодо <citerefentry> <refentrytitle>sssd."
-+"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:183
-@@ -17755,27 +17837,27 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:205
--#, fuzzy
--#| msgid "max_secrets (integer)"
- msgid "max_ccaches (integer)"
--msgstr "max_secrets (ціле значення)"
-+msgstr "max_ccaches (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:208
- msgid "How many credential caches does the KCM database allow for all users."
- msgstr ""
-+"Скільки кешів реєстраційних може мати даних база даних KCM для усіх "
-+"користувачів."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:212
- msgid "Default: 0 (unlimited, only the per-UID quota is enforced)"
- msgstr ""
-+"Типове значення: 0 (без обмежень, застосовується лише квота на кількість "
-+"кешів на UID)"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:217
--#, fuzzy
--#| msgid "max_uid_secrets (integer)"
- msgid "max_uid_ccaches (integer)"
--msgstr "max_uid_secrets (ціле число)"
-+msgstr "max_uid_ccaches (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:220
-@@ -17783,20 +17865,19 @@ msgid ""
- "How many credential caches does the KCM database allow per UID. This is "
- "equivalent to <quote>with how many principals you can kinit</quote>."
- msgstr ""
-+"Скільки кешів реєстраційних може мати даних база даних KCM для окремого UID. "
-+"Еквівалент значення <quote>кількість реєстраційних даних, які можна "
-+"ініціювати за допомогою kinit</quote>."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 64"
--msgstr "Типове значення: 6"
-+msgstr "Типове значення: 64"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
--#, fuzzy
--#| msgid "max_payload_size (integer)"
- msgid "max_ccache_size (integer)"
--msgstr "max_payload_size (ціле значення)"
-+msgstr "max_ccache_size (ціле число)"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:233
-@@ -17804,13 +17885,13 @@ msgid ""
- "How big can a credential cache be per ccache. Each service ticket accounts "
- "into this quota."
- msgstr ""
-+"Наскільки великим може бути кеш реєстраційних даних окремого ccache. Ця "
-+"квота обчислюється для усіх квитків служб разом."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 6"
- msgid "Default: 65536"
--msgstr "Типове значення: 6"
-+msgstr "Типове значення: 65536"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -17988,13 +18069,7 @@ msgstr "Зондує функцію sdap_get_generic_ext_send()."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:152
--#, fuzzy, no-wrap
--#| msgid ""
--#| "base:string\n"
--#| "scope:integer\n"
--#| "filter:string\n"
--#| "probestr:string\n"
--#| "                        "
-+#, no-wrap
- msgid ""
- "base:string\n"
- "scope:integer\n"
-@@ -18006,6 +18081,7 @@ msgstr ""
- "base:рядок\n"
- "scope:ціле число\n"
- "filter:рядок\n"
-+"attrs:рядок\n"
- "probestr:рядок\n"
- "                        "
- 
-@@ -18037,10 +18113,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:176
--#, fuzzy
--#| msgid "probe sdap_deref_send"
- msgid "probe sdap_parse_entry"
--msgstr "зонд sdap_deref_send"
-+msgstr "зонд sdap_parse_entry"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:179
-@@ -18048,27 +18122,25 @@ msgid ""
- "Probes the sdap_parse_entry()  function. It is called repeatedly with every "
- "received attribute."
- msgstr ""
-+"Зондує функцію sdap_parse_entry(). Викликається повторно для кожного "
-+"отриманого атрибута."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
- #: sssd-systemtap.5.xml:184
--#, fuzzy, no-wrap
--#| msgid ""
--#| "filter:string\n"
--#| "                       "
-+#, no-wrap
- msgid ""
- "attr:string\n"
- "value:string\n"
- "                        "
- msgstr ""
--"filter:рядок\n"
--"                       "
-+"attr:рядок\n"
-+"value:рядок\n"
-+"                        "
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:190
--#, fuzzy
--#| msgid "probe dp_req_done"
- msgid "probe sdap_parse_entry_done"
--msgstr "зонд dp_req_done"
-+msgstr "probe sdap_parse_entry_done"
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:193
-@@ -18076,6 +18148,8 @@ msgid ""
- "Probes the sdap_parse_entry()  function. It is called when parsing of "
- "received object is finished."
- msgstr ""
-+"Зондує функцію sdap_parse_entry(). Викликається після завершення обробки "
-+"отриманого об'єкта."
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:201
-@@ -18319,7 +18393,7 @@ msgstr "Перетворення методу на рядок і поверне
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-systemtap.5.xml:410
- msgid "SAMPLE SYSTEMTAP SCRIPTS"
--msgstr ""
-+msgstr "ЗРАЗКИ СКРИПТІВ SYSTEMTAP"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-systemtap.5.xml:412
-@@ -18328,78 +18402,67 @@ msgid ""
- "script_name&gt;.stp</command>), then perform an identity operation and the "
- "script will collect information from probes."
- msgstr ""
-+"Запустіть скрипт SystemTap (<command>stap /usr/share/sssd/systemtap/&lt;"
-+"назва_скрипту&gt;.stp</command>), потім виконайте дію із розпізнавання. "
-+"Скрипт збере дані за допомогою зондів."
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-systemtap.5.xml:418
- msgid "Provided SystemTap scripts are:"
--msgstr ""
-+msgstr "Скриптами SystemTap з пакунка є:"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:422
- msgid "dp_request.stp"
--msgstr ""
-+msgstr "dp_request.stp"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:425
- msgid "Monitoring of data provider request performance."
--msgstr ""
-+msgstr "Спостереження за швидкодією обробки запитів засобом надання даних."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:430
- msgid "id_perf.stp"
--msgstr ""
-+msgstr "id_perf.stp"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:433
- msgid "Monitoring of <command>id</command> command performance."
--msgstr ""
-+msgstr "Спостереження за швидкодією виконання команди <command>id</command>."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:439
--#, fuzzy
--#| msgid "ldap_deref (string)"
- msgid "ldap_perf.stp"
--msgstr "ldap_deref (рядок)"
-+msgstr "ldap_perf.stp"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:442
- msgid "Monitoring of LDAP queries."
--msgstr ""
-+msgstr "Спостереження за запитами LDAP."
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-systemtap.5.xml:447
- msgid "nested_group_perf.stp"
--msgstr ""
-+msgstr "nested_group_perf.stp"
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-systemtap.5.xml:450
- msgid "Performance of nested groups resolving."
--msgstr ""
-+msgstr "Швидкодія визначення назв для вкладених груп."
- 
- #. type: Content of: <reference><refentry><refnamediv><refname>
- #: sssd-ldap-attributes.5.xml:10 sssd-ldap-attributes.5.xml:16
--#, fuzzy
--#| msgid "sssd-ldap"
- msgid "sssd-ldap-attributes"
--msgstr "sssd-ldap"
-+msgstr "sssd-ldap-attributes"
- 
- #. type: Content of: <reference><refentry><refnamediv><refpurpose>
- #: sssd-ldap-attributes.5.xml:17
--#, fuzzy
--#| msgid "SSSD LDAP provider"
- msgid "SSSD LDAP Provider: Mapping Attributes"
--msgstr "Модуль надання даних LDAP SSSD"
-+msgstr "Засіб надання даних LDAP SSSD: атрибути прив'язування"
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-ldap-attributes.5.xml:23
--#, fuzzy
--#| msgid ""
--#| "This manual page describes the configuration of LDAP domains for "
--#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
--#| "manvolnum> </citerefentry>.  Refer to the <quote>FILE FORMAT</quote> "
--#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#| "<manvolnum>5</manvolnum> </citerefentry> manual page for detailed syntax "
--#| "information."
- msgid ""
- "This manual page describes the mapping attributes of SSSD LDAP provider "
- "<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
-@@ -18407,17 +18470,17 @@ msgid ""
- "ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
- "for full details about SSSD LDAP provider configuration options."
- msgstr ""
--"На цій сторінці довідника описано налаштування доменів LDAP для "
--"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
--"</citerefentry>. Щоб дізнатися більше про синтаксис налаштування, зверніться "
--"до розділу «ФОРМАТ ФАЙЛА» сторінки довідника <citerefentry> "
--"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
--"citerefentry>."
-+"Цю сторінку підручника присвячено опису атрибутів прив'язування засобу "
-+"надання даних LDAP SSSD <citerefentry> <refentrytitle>sssd-ldap</"
-+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. Повний опис "
-+"параметрів налаштовування засобу надання даних LDAP SSSD наведено на "
-+"сторінці підручника щодо <citerefentry> <refentrytitle>sssd-ldap</"
-+"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:38
- msgid "USER ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ КОРИСТУВАЧА"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:42
-@@ -18529,7 +18592,7 @@ msgstr "Атрибут LDAP, що містить назву домашнього
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:129
- msgid "Default: homeDirectory (LDAP and IPA), unixHomeDirectory (AD)"
--msgstr ""
-+msgstr "Типове значення: homeDirectory (LDAP та IPA), unixHomeDirectory (AD)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:135
-@@ -19066,6 +19129,10 @@ msgid ""
- "Therefore when using service-based access control, the <quote>systemd-user</"
- "quote> service might need to be added to the list of allowed services."
- msgstr ""
-+"У деяких дистрибутивах (зокрема у Fedora-29+ або RHEL-8) службу PAM "
-+"<quote>systemd-user</quote> завжди включено до процедури входу до системи. "
-+"Тому при використанні керування доступом на основі даних служб варто "
-+"додавати службу <quote>systemd-user</quote> до списку дозволених служб."
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:545
-@@ -19204,7 +19271,7 @@ msgstr "Типове значення: mail"
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:644
- msgid "GROUP ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ ГРУПИ"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:648
-@@ -19292,10 +19359,8 @@ msgstr "ldap_group_modify_timestamp (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:742
--#, fuzzy
--#| msgid "ldap_group_name (string)"
- msgid "ldap_group_type (string)"
--msgstr "ldap_group_name (рядок)"
-+msgstr "ldap_group_type (рядок)"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ldap-attributes.5.xml:745
-@@ -19349,7 +19414,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:782
- msgid "NETGROUP ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ МЕРЕЖЕВОЇ ГРУПИ"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:786
-@@ -19437,7 +19502,7 @@ msgstr "ldap_netgroup_modify_timestamp (рядок)"
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:871
- msgid "HOST ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ ВУЗЛА"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:875
-@@ -19523,10 +19588,8 @@ msgstr "Атрибут LDAP, що містить UUID/GUID об’єкта ву
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "РОЗДІЛИ СЛУЖБ"
-+msgstr "АТРИБУТИ СЛУЖБИ"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
-@@ -19585,7 +19648,7 @@ msgstr "Типове значення: ipServiceProtocol"
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1026
- msgid "SUDO ATTRIBUTES"
--msgstr ""
-+msgstr "АТРИБУТИ SUDO"
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:1030
-@@ -19770,10 +19833,8 @@ msgstr "Типове значення: sudoOrder"
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:1177
--#, fuzzy
--#| msgid "AUTOFS OPTIONS"
- msgid "AUTOFS ATTRIBUTES"
--msgstr "ПАРАМЕТРИ AUTOFS"
-+msgstr "АТРИБУТИ AUTOFS"
- 
- #. type: Content of: <variablelist><varlistentry><term>
- #: include/autofs_attributes.xml:3
-@@ -20098,20 +20159,17 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:76
--#, fuzzy
--#| msgid "dns_resolver_timeout"
- msgid "dns_resolver_server_timeout"
--msgstr "dns_resolver_timeout"
-+msgstr "dns_resolver_server_timeout"
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
- #: include/failover.xml:80
--#, fuzzy
--#| msgid "How long would SSSD talk to a single DNS server."
- msgid ""
- "Time in milliseconds that sets how long would SSSD talk to a single DNS "
- "server before trying next one."
- msgstr ""
--"Наскільки довго SSSD обмінюватиметься інформацією із окремим сервером DNS."
-+"Час у мілісекундах, протягом якого SSSD має намагатися обмінятися даними із "
-+"окремим сервером DNS, перш ніж перейти до спроб зв'язатися із наступним."
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:90
-@@ -20125,6 +20183,10 @@ msgid ""
- "(e.g. resolution of a hostname or an SRV record) before trying the next "
- "hostname or discovery domain."
- msgstr ""
-+"Час у секундах, який визначає тривалість періоду, протягом якого SSSD "
-+"намагатиметься обробити окремий запит DNS (наприклад встановити назву вузла "
-+"або запис SRV), перш ніж перейти до наступної назви вузла або наступного "
-+"домену пошуку."
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
- #: include/failover.xml:106
-@@ -20158,13 +20220,6 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
- #: include/failover.xml:123
--#, fuzzy
--#| msgid ""
--#| "For LDAP-based providers, the resolve operation is performed as part of "
--#| "an LDAP connection operation. Therefore, also the "
--#| "<quote>ldap_opt_timeout></quote> timeout should be set to a larger value "
--#| "than <quote>dns_resolver_timeout</quote> which in turn should be set to a "
--#| "larger value than <quote>dns_resolver_op_timeout</quote>."
- msgid ""
- "For LDAP-based providers, the resolve operation is performed as part of an "
- "LDAP connection operation. Therefore, also the <quote>ldap_opt_timeout></"
-@@ -20177,7 +20232,8 @@ msgstr ""
- "частина дії зі встановлення з'єднання із LDAP. Тому слід також встановити "
- "для часу очікування <quote>ldap_opt_timeout></quote> значення, яке "
- "перевищуватиме значення <quote>dns_resolver_timeout</quote>, яке також має "
--"перевищувати значення <quote>dns_resolver_op_timeout</quote>."
-+"перевищувати значення <quote>dns_resolver_op_timeout</quote>, яке має "
-+"перевищувати значення <quote>dns_resolver_server_timeout</quote>."
- 
- #. type: Content of: <refsect1><title>
- #: include/ldap_id_mapping.xml:2
-@@ -21438,94 +21494,3 @@ msgstr "ldap_group_objectsid = ipaNTSecurityIdentifier"
- #: include/ipa_modified_defaults.xml:118
- msgid "ldap_group_external_member = ipaExternalMember"
- msgstr "ldap_group_external_member = ipaExternalMember"
--
--#~ msgid ""
--#~ "The background refresh will process users, groups and netgroups in the "
--#~ "cache."
--#~ msgstr ""
--#~ "Під час фонового оновлення виконуватиметься обробка записів користувачів, "
--#~ "груп та мережевих груп у кеші."
--
--#~ msgid "Default: homeDirectory"
--#~ msgstr "Типове значення: homeDirectory"
--
--#~ msgid "ldap_group_type (integer)"
--#~ msgstr "ldap_group_type (ціле число)"
--
--#~ msgid ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--#~ msgstr ""
--#~ "<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
--#~ "\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
--#~ "<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
--#~ "\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the InteractiveLogonRight and "
--#~ "DenyInteractiveLogonRight policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO виконуватиметься на основі параметрів правил "
--#~ "InteractiveLogonRight і DenyInteractiveLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the RemoteInteractiveLogonRight and "
--#~ "DenyRemoteInteractiveLogonRight policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO засновано на параметрах захисту RemoteInteractiveLogonRight "
--#~ "і DenyRemoteInteractiveLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the NetworkLogonRight and "
--#~ "DenyNetworkLogonRight policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO засновано на параметрах захисту NetworkLogonRight і "
--#~ "DenyNetworkLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
--#~ "policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO засновано на параметрах захисту BatchLogonRight і "
--#~ "DenyBatchLogonRight."
--
--#~ msgid ""
--#~ "A comma-separated list of PAM service names for which GPO-based access "
--#~ "control is evaluated based on the ServiceLogonRight and "
--#~ "DenyServiceLogonRight policy settings."
--#~ msgstr ""
--#~ "Список назв служб PAM, відокремлених комами, для яких керування доступом "
--#~ "на основі GPO засновано на параметрах захисту ServiceLogonRight і "
--#~ "DenyServiceLogonRight."
--
--#~ msgid ""
--#~ "The KCM service is configured in the <quote>kcm</quote> section of the "
--#~ "sssd.conf file. Please note that currently, is it not sufficient to "
--#~ "restart the sssd-kcm service, because the sssd configuration is only "
--#~ "parsed and read to an internal configuration database by the sssd "
--#~ "service. Therefore you must restart the sssd service if you change "
--#~ "anything in the <quote>kcm</quote> section of sssd.conf.  For a detailed "
--#~ "syntax reference, refer to the <quote>FILE FORMAT</quote> section of the "
--#~ "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
--#~ "manvolnum> </citerefentry> manual page."
--#~ msgstr ""
--#~ "Налаштовування служби KCM виконується за допомогою розділу <quote>kcm</"
--#~ "quote> файла sssd.conf. Будь ласка, зауважте, що у поточній версії для "
--#~ "застосування налаштувань перезапуску служби sssd-kcm недостатньо, "
--#~ "оскільки обробка і читання налаштувань sssd до внутрішньої бази даних "
--#~ "налаштувань виконується лише самою службою sssd. Тому вам слід "
--#~ "перезапустити вашу службу sssd, якщо ви щось змінили у розділі "
--#~ "<quote>kcm</quote> файла sssd.conf. Докладний опис синтаксису файла "
--#~ "налаштувань наведено у розділі <quote>ФОРМАТ ФАЙЛА</quote> сторінки "
--#~ "підручника <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
--#~ "<manvolnum>5</manvolnum> </citerefentry>."
-diff --git a/src/man/po/zh_CN.po b/src/man/po/zh_CN.po
-index cca30a82f..3170fb6a2 100644
---- a/src/man/po/zh_CN.po
-+++ b/src/man/po/zh_CN.po
-@@ -6,9 +6,9 @@
- # Christopher Meng <cickumqt@gmail.com>, 2012
- msgid ""
- msgstr ""
--"Project-Id-Version: sssd-docs 2.1.1\n"
-+"Project-Id-Version: sssd-docs 2.2.3\n"
- "Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
--"POT-Creation-Date: 2019-11-30 22:23+0100\n"
-+"POT-Creation-Date: 2020-02-12 23:33+0100\n"
- "PO-Revision-Date: 2014-12-15 12:16+0000\n"
- "Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
- "Language-Team: Chinese (China) (http://www.transifex.com/projects/p/sssd/"
-@@ -301,9 +301,9 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:133 sssd.conf.5.xml:330 sssd.conf.5.xml:646
- #: sssd.conf.5.xml:943 sssd.conf.5.xml:1716 sssd.conf.5.xml:1746
--#: sssd-ldap.5.xml:910 sssd-ldap.5.xml:1008 sssd-ldap.5.xml:1070
--#: sssd-ldap.5.xml:1503 sssd-ldap.5.xml:1568 sssd-ipa.5.xml:326
--#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1038 sssd-ad.5.xml:1171
-+#: sssd-ldap.5.xml:945 sssd-ldap.5.xml:1043 sssd-ldap.5.xml:1105
-+#: sssd-ldap.5.xml:1538 sssd-ldap.5.xml:1603 sssd-ipa.5.xml:326
-+#: sssd-ad.5.xml:227 sssd-ad.5.xml:341 sssd-ad.5.xml:1058 sssd-ad.5.xml:1191
- #: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
- msgid "Default: true"
- msgstr ""
-@@ -323,16 +323,16 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:146 sssd.conf.5.xml:643 sssd.conf.5.xml:825
- #: sssd.conf.5.xml:1649 sssd.conf.5.xml:3304 sssd-ldap.5.xml:305
--#: sssd-ldap.5.xml:761 sssd-ldap.5.xml:780 sssd-ldap.5.xml:980
--#: sssd-ldap.5.xml:1406 sssd-ldap.5.xml:1592 sssd-ipa.5.xml:151
-+#: sssd-ldap.5.xml:796 sssd-ldap.5.xml:815 sssd-ldap.5.xml:1015
-+#: sssd-ldap.5.xml:1441 sssd-ldap.5.xml:1627 sssd-ipa.5.xml:151
- #: sssd-ipa.5.xml:238 sssd-ipa.5.xml:574 sssd-krb5.5.xml:266
- #: sssd-krb5.5.xml:300 sssd-krb5.5.xml:471
- msgid "Default: false"
- msgstr ""
- 
- #. type: Content of: outside any tag (error?)
--#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1444
--#: sssd-ldap.5.xml:1615 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
-+#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:1479
-+#: sssd-ldap.5.xml:1650 sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143
- #: sssd-systemtap.5.xml:236 sssd-systemtap.5.xml:274 sssd-systemtap.5.xml:330
- #: sssd-ldap-attributes.5.xml:40 sssd-ldap-attributes.5.xml:646
- #: sssd-ldap-attributes.5.xml:784 sssd-ldap-attributes.5.xml:873
-@@ -361,7 +361,7 @@ msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:169 sssd.conf.5.xml:1480 sssd.conf.5.xml:3320
--#: sssd-ldap.5.xml:632 include/ldap_id_mapping.xml:264
-+#: sssd-ldap.5.xml:667 include/ldap_id_mapping.xml:264
- msgid "Default: 10"
- msgstr ""
- 
-@@ -659,8 +659,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:720
--#: sssd-ldap.5.xml:732 sssd-ldap.5.xml:824 sssd-ad.5.xml:843 sssd-ad.5.xml:918
-+#: sssd.conf.5.xml:435 sssd.conf.5.xml:1269 sssd-ldap.5.xml:755
-+#: sssd-ldap.5.xml:767 sssd-ldap.5.xml:859 sssd-ad.5.xml:843 sssd-ad.5.xml:918
- #: sssd.8.xml:126 sssd-krb5.5.xml:410 sssd-krb5.5.xml:590
- #: sssd-secrets.5.xml:339 sssd-secrets.5.xml:377 sssd-secrets.5.xml:390
- #: sssd-secrets.5.xml:404 sssd-secrets.5.xml:415 sssd-ldap-attributes.5.xml:470
-@@ -769,10 +769,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:510
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: sha256"
--msgstr "默认: 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:512
-@@ -1742,7 +1740,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd.8.xml:79
-+#: sssd.conf.5.xml:1323 sssd.conf.5.xml:3166 sssd-ldap.5.xml:532 sssd.8.xml:79
- msgid "Default: 0"
- msgstr ""
- 
-@@ -1806,7 +1804,7 @@ msgstr ""
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd.conf.5.xml:1383 sssd.conf.5.xml:1408 sssd.conf.5.xml:1427
- #: sssd.conf.5.xml:1614 sssd.conf.5.xml:2122 sssd.conf.5.xml:3095
--#: sssd-ldap.5.xml:1039
-+#: sssd-ldap.5.xml:1074
- msgid "Default: none"
- msgstr ""
- 
-@@ -1871,8 +1869,8 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
--#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:554 sssd-ldap.5.xml:575
--#: sssd-ldap.5.xml:1112 sssd-ad.5.xml:486 sssd-ad.5.xml:504
-+#: sssd.conf.5.xml:1441 sssd-ldap.5.xml:573 sssd-ldap.5.xml:594
-+#: sssd-ldap.5.xml:1147 sssd-ad.5.xml:486 sssd-ad.5.xml:504 sssd-ad.5.xml:1033
- #: include/ldap_id_mapping.xml:244
- msgid "Default: False"
- msgstr ""
-@@ -5041,34 +5039,53 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:513 sssd-ldap.5.xml:1489
-+#: sssd-ldap.5.xml:513
-+msgid ""
-+"This timeout can be extended of a random value specified by "
-+"<emphasis>ldap_connection_expire_offset</emphasis>"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:518 sssd-ldap.5.xml:1524
- msgid "Default: 900 (15 minutes)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:519
-+#: sssd-ldap.5.xml:524
-+msgid "ldap_connection_expire_offset (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:527
-+msgid ""
-+"Random offset between 0 and configured value is added to "
-+"<emphasis>ldap_connection_expire_timeout</emphasis>."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:538
- msgid "ldap_page_size (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:522
-+#: sssd-ldap.5.xml:541
- msgid ""
- "Specify the number of records to retrieve from LDAP in a single request. "
- "Some LDAP servers enforce a maximum limit per-request."
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:527 include/failover.xml:84
-+#: sssd-ldap.5.xml:546 include/failover.xml:84
- msgid "Default: 1000"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:533
-+#: sssd-ldap.5.xml:552
- msgid "ldap_disable_paging (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:536
-+#: sssd-ldap.5.xml:555
- msgid ""
- "Disable the LDAP paging control. This option should be used if the LDAP "
- "server reports that it supports the LDAP paging control in its RootDSE but "
-@@ -5076,14 +5093,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:542
-+#: sssd-ldap.5.xml:561
- msgid ""
- "Example: OpenLDAP servers with the paging control module installed on the "
- "server but not enabled will report it in the RootDSE but be unable to use it."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:548
-+#: sssd-ldap.5.xml:567
- msgid ""
- "Example: 389 DS has a bug where it can only support a one paging control at "
- "a time on a single connection. On busy clients, this can result in some "
-@@ -5091,17 +5108,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:560
-+#: sssd-ldap.5.xml:579
- msgid "ldap_disable_range_retrieval (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:563
-+#: sssd-ldap.5.xml:582
- msgid "Disable Active Directory range retrieval."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:566
-+#: sssd-ldap.5.xml:585
- msgid ""
- "Active Directory limits the number of members to be retrieved in a single "
- "lookup using the MaxValRange policy (which defaults to 1500 members). If a "
-@@ -5111,12 +5128,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:581
-+#: sssd-ldap.5.xml:600
- msgid "ldap_sasl_minssf (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:584
-+#: sssd-ldap.5.xml:603
- msgid ""
- "When communicating with an LDAP server using SASL, specify the minimum "
- "security level necessary to establish the connection. The values of this "
-@@ -5124,17 +5141,30 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:590
-+#: sssd-ldap.5.xml:609 sssd-ldap.5.xml:625
- msgid "Default: Use the system default (usually specified by ldap.conf)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:597
-+#: sssd-ldap.5.xml:616
-+msgid "ldap_sasl_maxssf (integer)"
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ldap.5.xml:619
-+msgid ""
-+"When communicating with an LDAP server using SASL, specify the maximal "
-+"security level necessary to establish the connection. The values of this "
-+"option are defined by OpenLDAP."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ldap.5.xml:632
- msgid "ldap_deref_threshold (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:600
-+#: sssd-ldap.5.xml:635
- msgid ""
- "Specify the number of group members that must be missing from the internal "
- "cache in order to trigger a dereference lookup. If less members are missing, "
-@@ -5142,7 +5172,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:606
-+#: sssd-ldap.5.xml:641
- msgid ""
- "You can turn off dereference lookups completely by setting the value to 0. "
- "Please note that there are some codepaths in SSSD, like the IPA HBAC "
-@@ -5153,7 +5183,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:617
-+#: sssd-ldap.5.xml:652
- msgid ""
- "A dereference lookup is a means of fetching all group members in a single "
- "LDAP call.  Different LDAP servers may implement different dereference "
-@@ -5162,7 +5192,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:625
-+#: sssd-ldap.5.xml:660
- msgid ""
- "<emphasis>Note:</emphasis> If any of the search bases specifies a search "
- "filter, then the dereference lookup performance enhancement will be disabled "
-@@ -5170,26 +5200,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:638
-+#: sssd-ldap.5.xml:673
- msgid "ldap_tls_reqcert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:641
-+#: sssd-ldap.5.xml:676
- msgid ""
- "Specifies what checks to perform on server certificates in a TLS session, if "
- "any. It can be specified as one of the following values:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:647
-+#: sssd-ldap.5.xml:682
- msgid ""
- "<emphasis>never</emphasis> = The client will not request or check any server "
- "certificate."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:651
-+#: sssd-ldap.5.xml:686
- msgid ""
- "<emphasis>allow</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5197,7 +5227,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:658
-+#: sssd-ldap.5.xml:693
- msgid ""
- "<emphasis>try</emphasis> = The server certificate is requested. If no "
- "certificate is provided, the session proceeds normally. If a bad certificate "
-@@ -5205,7 +5235,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:664
-+#: sssd-ldap.5.xml:699
- msgid ""
- "<emphasis>demand</emphasis> = The server certificate is requested. If no "
- "certificate is provided, or a bad certificate is provided, the session is "
-@@ -5213,41 +5243,41 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:670
-+#: sssd-ldap.5.xml:705
- msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:674
-+#: sssd-ldap.5.xml:709
- msgid "Default: hard"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:680
-+#: sssd-ldap.5.xml:715
- msgid "ldap_tls_cacert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:683
-+#: sssd-ldap.5.xml:718
- msgid ""
- "Specifies the file that contains certificates for all of the Certificate "
- "Authorities that <command>sssd</command> will recognize."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:688 sssd-ldap.5.xml:706 sssd-ldap.5.xml:747
-+#: sssd-ldap.5.xml:723 sssd-ldap.5.xml:741 sssd-ldap.5.xml:782
- msgid ""
- "Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
- "conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:695
-+#: sssd-ldap.5.xml:730
- msgid "ldap_tls_cacertdir (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:698
-+#: sssd-ldap.5.xml:733
- msgid ""
- "Specifies the path of a directory that contains Certificate Authority "
- "certificates in separate individual files. Typically the file names need to "
-@@ -5256,32 +5286,32 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:713
-+#: sssd-ldap.5.xml:748
- msgid "ldap_tls_cert (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:716
-+#: sssd-ldap.5.xml:751
- msgid "Specifies the file that contains the certificate for the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:726
-+#: sssd-ldap.5.xml:761
- msgid "ldap_tls_key (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:729
-+#: sssd-ldap.5.xml:764
- msgid "Specifies the file that contains the client's key."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:738
-+#: sssd-ldap.5.xml:773
- msgid "ldap_tls_cipher_suite (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:741
-+#: sssd-ldap.5.xml:776
- msgid ""
- "Specifies acceptable cipher suites.  Typically this is a colon separated "
- "list.  See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
-@@ -5289,24 +5319,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:754
-+#: sssd-ldap.5.xml:789
- msgid "ldap_id_use_start_tls (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:757
-+#: sssd-ldap.5.xml:792
- msgid ""
- "Specifies that the id_provider connection must also use <systemitem class="
- "\"protocol\">tls</systemitem> to protect the channel."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:767
-+#: sssd-ldap.5.xml:802
- msgid "ldap_id_mapping (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:770
-+#: sssd-ldap.5.xml:805
- msgid ""
- "Specifies that SSSD should attempt to map user and group IDs from the "
- "ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
-@@ -5314,17 +5344,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:776
-+#: sssd-ldap.5.xml:811
- msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:786
-+#: sssd-ldap.5.xml:821
- msgid "ldap_min_id, ldap_max_id (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:789
-+#: sssd-ldap.5.xml:824
- msgid ""
- "In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
- "set to true the allowed ID range for ldap_user_uid_number and "
-@@ -5335,24 +5365,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:801
-+#: sssd-ldap.5.xml:836
- msgid "Default: not set (both options are set to 0)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:807
-+#: sssd-ldap.5.xml:842
- msgid "ldap_sasl_mech (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:810
-+#: sssd-ldap.5.xml:845
- msgid ""
- "Specify the SASL mechanism to use.  Currently only GSSAPI and GSS-SPNEGO are "
- "tested and supported."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:814
-+#: sssd-ldap.5.xml:849
- msgid ""
- "If the backend supports sub-domains the value of ldap_sasl_mech is "
- "automatically inherited to the sub-domains. If a different value is needed "
-@@ -5363,12 +5393,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:830
-+#: sssd-ldap.5.xml:865
- msgid "ldap_sasl_authid (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
--#: sssd-ldap.5.xml:842
-+#: sssd-ldap.5.xml:877
- #, no-wrap
- msgid ""
- "hostname@REALM\n"
-@@ -5381,7 +5411,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:833
-+#: sssd-ldap.5.xml:868
- msgid ""
- "Specify the SASL authorization id to use.  When GSSAPI/GSS-SPNEGO are used, "
- "this represents the Kerberos principal used for authentication to the "
-@@ -5393,17 +5423,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:853
-+#: sssd-ldap.5.xml:888
- msgid "Default: host/hostname@REALM"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:859
-+#: sssd-ldap.5.xml:894
- msgid "ldap_sasl_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:862
-+#: sssd-ldap.5.xml:897
- msgid ""
- "Specify the SASL realm to use. When not specified, this option defaults to "
- "the value of krb5_realm.  If the ldap_sasl_authid contains the realm as "
-@@ -5411,49 +5441,49 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:868
-+#: sssd-ldap.5.xml:903
- msgid "Default: the value of krb5_realm."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:874
-+#: sssd-ldap.5.xml:909
- msgid "ldap_sasl_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:877
-+#: sssd-ldap.5.xml:912
- msgid ""
- "If set to true, the LDAP library would perform a reverse lookup to "
- "canonicalize the host name during a SASL bind."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:882
-+#: sssd-ldap.5.xml:917
- msgid "Default: false;"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:888
-+#: sssd-ldap.5.xml:923
- msgid "ldap_krb5_keytab (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:891
-+#: sssd-ldap.5.xml:926
- msgid "Specify the keytab to use when using SASL/GSSAPI/GSS-SPNEGO."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:895
-+#: sssd-ldap.5.xml:930
- msgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:901
-+#: sssd-ldap.5.xml:936
- msgid "ldap_krb5_init_creds (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:904
-+#: sssd-ldap.5.xml:939
- msgid ""
- "Specifies that the id_provider should init Kerberos credentials (TGT).  This "
- "action is performed only if SASL is used and the mechanism selected is "
-@@ -5461,28 +5491,28 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:916
-+#: sssd-ldap.5.xml:951
- msgid "ldap_krb5_ticket_lifetime (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:919
-+#: sssd-ldap.5.xml:954
- msgid ""
- "Specifies the lifetime in seconds of the TGT if GSSAPI or GSS-SPNEGO is used."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:923 sssd-ad.5.xml:1090
-+#: sssd-ldap.5.xml:958 sssd-ad.5.xml:1110
- msgid "Default: 86400 (24 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:929 sssd-krb5.5.xml:74
-+#: sssd-ldap.5.xml:964 sssd-krb5.5.xml:74
- msgid "krb5_server, krb5_backup_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:932
-+#: sssd-ldap.5.xml:967
- msgid ""
- "Specifies the comma-separated list of IP addresses or hostnames of the "
- "Kerberos servers to which SSSD should connect in the order of preference. "
-@@ -5494,7 +5524,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:944 sssd-krb5.5.xml:89
-+#: sssd-ldap.5.xml:979 sssd-krb5.5.xml:89
- msgid ""
- "When using service discovery for KDC or kpasswd servers, SSSD first searches "
- "for DNS entries that specify _udp as the protocol and falls back to _tcp if "
-@@ -5502,7 +5532,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:949 sssd-krb5.5.xml:94
-+#: sssd-ldap.5.xml:984 sssd-krb5.5.xml:94
- msgid ""
- "This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
- "While the legacy name is recognized for the time being, users are advised to "
-@@ -5510,39 +5540,39 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:958 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
-+#: sssd-ldap.5.xml:993 sssd-ipa.5.xml:443 sssd-krb5.5.xml:103
- msgid "krb5_realm (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:961
-+#: sssd-ldap.5.xml:996
- msgid "Specify the Kerberos REALM (for SASL/GSSAPI/GSS-SPNEGO auth)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:965
-+#: sssd-ldap.5.xml:1000
- msgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:971 sssd-krb5.5.xml:462
-+#: sssd-ldap.5.xml:1006 sssd-krb5.5.xml:462
- msgid "krb5_canonicalize (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:974
-+#: sssd-ldap.5.xml:1009
- msgid ""
- "Specifies if the host principal should be canonicalized when connecting to "
- "LDAP server. This feature is available with MIT Kerberos >= 1.7"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:986 sssd-krb5.5.xml:477
-+#: sssd-ldap.5.xml:1021 sssd-krb5.5.xml:477
- msgid "krb5_use_kdcinfo (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:989 sssd-krb5.5.xml:480
-+#: sssd-ldap.5.xml:1024 sssd-krb5.5.xml:480
- msgid ""
- "Specifies if the SSSD should instruct the Kerberos libraries what realm and "
- "which KDCs to use. This option is on by default, if you disable it, you need "
-@@ -5552,7 +5582,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1000 sssd-krb5.5.xml:491
-+#: sssd-ldap.5.xml:1035 sssd-krb5.5.xml:491
- msgid ""
- "See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
- "refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
-@@ -5560,26 +5590,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1014
-+#: sssd-ldap.5.xml:1049
- msgid "ldap_pwd_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1017
-+#: sssd-ldap.5.xml:1052
- msgid ""
- "Select the policy to evaluate the password expiration on the client side. "
- "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1022
-+#: sssd-ldap.5.xml:1057
- msgid ""
- "<emphasis>none</emphasis> - No evaluation on the client side. This option "
- "cannot disable server-side password policies."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1027
-+#: sssd-ldap.5.xml:1062
- msgid ""
- "<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
- "refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
-@@ -5587,7 +5617,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1033
-+#: sssd-ldap.5.xml:1068
- msgid ""
- "<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
- "to determine if the password has expired. Use chpass_provider=krb5 to update "
-@@ -5595,31 +5625,31 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1042
-+#: sssd-ldap.5.xml:1077
- msgid ""
- "<emphasis>Note</emphasis>: if a password policy is configured on server "
- "side, it always takes precedence over policy set with this option."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1050
-+#: sssd-ldap.5.xml:1085
- msgid "ldap_referrals (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1053
-+#: sssd-ldap.5.xml:1088
- msgid "Specifies whether automatic referral chasing should be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1057
-+#: sssd-ldap.5.xml:1092
- msgid ""
- "Please note that sssd only supports referral chasing when it is compiled "
- "with OpenLDAP version 2.4.13 or higher."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1062
-+#: sssd-ldap.5.xml:1097
- msgid ""
- "Chasing referrals may incur a performance penalty in environments that use "
- "them heavily, a notable example is Microsoft Active Directory. If your setup "
-@@ -5628,56 +5658,56 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1076
-+#: sssd-ldap.5.xml:1111
- msgid "ldap_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1079
-+#: sssd-ldap.5.xml:1114
- msgid "Specifies the service name to use when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1083
-+#: sssd-ldap.5.xml:1118
- msgid "Default: ldap"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1089
-+#: sssd-ldap.5.xml:1124
- msgid "ldap_chpass_dns_service_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1092
-+#: sssd-ldap.5.xml:1127
- msgid ""
- "Specifies the service name to use to find an LDAP server which allows "
- "password changes when service discovery is enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1097
-+#: sssd-ldap.5.xml:1132
- msgid "Default: not set, i.e. service discovery is disabled"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1103
-+#: sssd-ldap.5.xml:1138
- msgid "ldap_chpass_update_last_change (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1106
-+#: sssd-ldap.5.xml:1141
- msgid ""
- "Specifies whether to update the ldap_user_shadow_last_change attribute with "
- "days since the Epoch after a password change operation."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1118
-+#: sssd-ldap.5.xml:1153
- msgid "ldap_access_filter (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1121
-+#: sssd-ldap.5.xml:1156
- msgid ""
- "If using access_provider = ldap and ldap_access_order = filter (default), "
- "this option is mandatory. It specifies an LDAP search filter criteria that "
-@@ -5693,12 +5723,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1141
-+#: sssd-ldap.5.xml:1176
- msgid "Example:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
--#: sssd-ldap.5.xml:1144
-+#: sssd-ldap.5.xml:1179
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -5707,14 +5737,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1148
-+#: sssd-ldap.5.xml:1183
- msgid ""
- "This example means that access to this host is restricted to users whose "
- "employeeType attribute is set to \"admin\"."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1153
-+#: sssd-ldap.5.xml:1188
- msgid ""
- "Offline caching for this feature is limited to determining whether the "
- "user's last online login was granted access permission. If they were granted "
-@@ -5723,24 +5753,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1218
-+#: sssd-ldap.5.xml:1196 sssd-ldap.5.xml:1253
- msgid "Default: Empty"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1167
-+#: sssd-ldap.5.xml:1202
- msgid "ldap_account_expire_policy (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1170
-+#: sssd-ldap.5.xml:1205
- msgid ""
- "With this option a client side evaluation of access control attributes can "
- "be enabled."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1174
-+#: sssd-ldap.5.xml:1209
- msgid ""
- "Please note that it is always recommended to use server side access control, "
- "i.e. the LDAP server should deny the bind request with a suitable error code "
-@@ -5748,19 +5778,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1181
-+#: sssd-ldap.5.xml:1216
- msgid "The following values are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1184
-+#: sssd-ldap.5.xml:1219
- msgid ""
- "<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
- "determine if the account is expired."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1189
-+#: sssd-ldap.5.xml:1224
- msgid ""
- "<emphasis>ad</emphasis>: use the value of the 32bit field "
- "ldap_user_ad_user_account_control and allow access if the second bit is not "
-@@ -5769,7 +5799,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1196
-+#: sssd-ldap.5.xml:1231
- msgid ""
- "<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
- "emphasis>: use the value of ldap_ns_account_lock to check if access is "
-@@ -5777,7 +5807,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1202
-+#: sssd-ldap.5.xml:1237
- msgid ""
- "<emphasis>nds</emphasis>: the values of "
- "ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
-@@ -5786,7 +5816,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1211
-+#: sssd-ldap.5.xml:1246
- msgid ""
- "Please note that the ldap_access_order configuration option <emphasis>must</"
- "emphasis> include <quote>expire</quote> in order for the "
-@@ -5794,22 +5824,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1224
-+#: sssd-ldap.5.xml:1259
- msgid "ldap_access_order (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1227
-+#: sssd-ldap.5.xml:1262
- msgid "Comma separated list of access control options.  Allowed values are:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1231
-+#: sssd-ldap.5.xml:1266
- msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1234
-+#: sssd-ldap.5.xml:1269
- msgid ""
- "<emphasis>lockout</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5819,14 +5849,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1244
-+#: sssd-ldap.5.xml:1279
- msgid ""
- "<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
- "quote> option and might be removed in a future release.  </emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1251
-+#: sssd-ldap.5.xml:1286
- msgid ""
- "<emphasis>ppolicy</emphasis>: use account locking.  If set, this option "
- "denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
-@@ -5839,12 +5869,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1268
-+#: sssd-ldap.5.xml:1303
- msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1272
-+#: sssd-ldap.5.xml:1307
- msgid ""
- "<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
- "pwd_expire_policy_renew: </emphasis> These options are useful if users are "
-@@ -5854,7 +5884,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1282
-+#: sssd-ldap.5.xml:1317
- msgid ""
- "The difference between these options is the action taken if user password is "
- "expired: pwd_expire_policy_reject - user is denied to log in, "
-@@ -5864,63 +5894,63 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1290
-+#: sssd-ldap.5.xml:1325
- msgid ""
- "Note If user password is expired no explicit message is prompted by SSSD."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1294
-+#: sssd-ldap.5.xml:1329
- msgid ""
- "Please note that 'access_provider = ldap' must be set for this feature to "
- "work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1299
-+#: sssd-ldap.5.xml:1334
- msgid ""
- "<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
- "to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1304
-+#: sssd-ldap.5.xml:1339
- msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1308
-+#: sssd-ldap.5.xml:1343
- msgid ""
- "<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
- "remote host can access"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1312
-+#: sssd-ldap.5.xml:1347
- msgid ""
- "Please note, rhost field in pam is set by application, it is better to check "
- "what the application sends to pam, before enabling this access control option"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1317
-+#: sssd-ldap.5.xml:1352
- msgid "Default: filter"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1320
-+#: sssd-ldap.5.xml:1355
- msgid ""
- "Please note that it is a configuration error if a value is used more than "
- "once."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1327
-+#: sssd-ldap.5.xml:1362
- msgid "ldap_pwdlockout_dn (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1330
-+#: sssd-ldap.5.xml:1365
- msgid ""
- "This option specifies the DN of password policy entry on LDAP server. Please "
- "note that absence of this option in sssd.conf in case of enabled account "
-@@ -5929,74 +5959,74 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1338
-+#: sssd-ldap.5.xml:1373
- msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1341
-+#: sssd-ldap.5.xml:1376
- msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1347
-+#: sssd-ldap.5.xml:1382
- msgid "ldap_deref (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1350
-+#: sssd-ldap.5.xml:1385
- msgid ""
- "Specifies how alias dereferencing is done when performing a search. The "
- "following options are allowed:"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1355
-+#: sssd-ldap.5.xml:1390
- msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1359
-+#: sssd-ldap.5.xml:1394
- msgid ""
- "<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
- "the base object, but not in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1364
-+#: sssd-ldap.5.xml:1399
- msgid ""
- "<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
- "the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1369
-+#: sssd-ldap.5.xml:1404
- msgid ""
- "<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
- "in locating the base object of the search."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1374
-+#: sssd-ldap.5.xml:1409
- msgid ""
- "Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
- "client libraries)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1382
-+#: sssd-ldap.5.xml:1417
- msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1385
-+#: sssd-ldap.5.xml:1420
- msgid ""
- "Allows to retain local users as members of an LDAP group for servers that "
- "use the RFC2307 schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1389
-+#: sssd-ldap.5.xml:1424
- msgid ""
- "In some environments where the RFC2307 schema is used, local users are made "
- "members of LDAP groups by adding their names to the memberUid attribute.  "
-@@ -6007,7 +6037,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1400
-+#: sssd-ldap.5.xml:1435
- msgid ""
- "This option falls back to checking if local users are referenced, and caches "
- "them so that later initgroups() calls will augment the local users with the "
-@@ -6015,24 +6045,24 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1412 sssd-ifp.5.xml:136
-+#: sssd-ldap.5.xml:1447 sssd-ifp.5.xml:136
- msgid "wildcard_limit (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1415
-+#: sssd-ldap.5.xml:1450
- msgid ""
- "Specifies an upper limit on the number of entries that are downloaded during "
- "a wildcard lookup."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1419
-+#: sssd-ldap.5.xml:1454
- msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1423
-+#: sssd-ldap.5.xml:1458
- msgid "Default: 1000 (often the size of one page)"
- msgstr ""
- 
-@@ -6049,12 +6079,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1433
-+#: sssd-ldap.5.xml:1468
- msgid "SUDO OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1435
-+#: sssd-ldap.5.xml:1470
- msgid ""
- "The detailed instructions for configuration of sudo_provider are in the "
- "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
-@@ -6062,36 +6092,36 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1446
-+#: sssd-ldap.5.xml:1481
- msgid "ldap_sudo_full_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1449
-+#: sssd-ldap.5.xml:1484
- msgid ""
- "How many seconds SSSD will wait between executing a full refresh of sudo "
- "rules (which downloads all rules that are stored on the server)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1454
-+#: sssd-ldap.5.xml:1489
- msgid ""
- "The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
- "emphasis>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1459
-+#: sssd-ldap.5.xml:1494
- msgid "Default: 21600 (6 hours)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1465
-+#: sssd-ldap.5.xml:1500
- msgid "ldap_sudo_smart_refresh_interval (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1468
-+#: sssd-ldap.5.xml:1503
- msgid ""
- "How many seconds SSSD has to wait before executing a smart refresh of sudo "
- "rules (which downloads all rules that have USN higher than the highest "
-@@ -6099,14 +6129,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1474
-+#: sssd-ldap.5.xml:1509
- msgid ""
- "If USN attributes are not supported by the server, the modifyTimestamp "
- "attribute is used instead."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1478
-+#: sssd-ldap.5.xml:1513
- msgid ""
- "<emphasis>Note:</emphasis> the highest USN value can be updated by three "
- "tasks: 1) By sudo full and smart refresh (if updated rules are found), 2) by "
-@@ -6116,101 +6146,101 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1495
-+#: sssd-ldap.5.xml:1530
- msgid "ldap_sudo_use_host_filter (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1498
-+#: sssd-ldap.5.xml:1533
- msgid ""
- "If true, SSSD will download only rules that are applicable to this machine "
- "(using the IPv4 or IPv6 host/network addresses and hostnames)."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1509
-+#: sssd-ldap.5.xml:1544
- msgid "ldap_sudo_hostnames (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1512
-+#: sssd-ldap.5.xml:1547
- msgid ""
- "Space separated list of hostnames or fully qualified domain names that "
- "should be used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1517
-+#: sssd-ldap.5.xml:1552
- msgid ""
- "If this option is empty, SSSD will try to discover the hostname and the "
- "fully qualified domain name automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1522 sssd-ldap.5.xml:1545 sssd-ldap.5.xml:1563
--#: sssd-ldap.5.xml:1581
-+#: sssd-ldap.5.xml:1557 sssd-ldap.5.xml:1580 sssd-ldap.5.xml:1598
-+#: sssd-ldap.5.xml:1616
- msgid ""
- "If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
- "emphasis> then this option has no effect."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1527 sssd-ldap.5.xml:1550
-+#: sssd-ldap.5.xml:1562 sssd-ldap.5.xml:1585
- msgid "Default: not specified"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1533
-+#: sssd-ldap.5.xml:1568
- msgid "ldap_sudo_ip (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1536
-+#: sssd-ldap.5.xml:1571
- msgid ""
- "Space separated list of IPv4 or IPv6 host/network addresses that should be "
- "used to filter the rules."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1541
-+#: sssd-ldap.5.xml:1576
- msgid ""
- "If this option is empty, SSSD will try to discover the addresses "
- "automatically."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1556
-+#: sssd-ldap.5.xml:1591
- msgid "ldap_sudo_include_netgroups (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1559
-+#: sssd-ldap.5.xml:1594
- msgid ""
- "If true then SSSD will download every rule that contains a netgroup in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1574
-+#: sssd-ldap.5.xml:1609
- msgid "ldap_sudo_include_regexp (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1577
-+#: sssd-ldap.5.xml:1612
- msgid ""
- "If true then SSSD will download every rule that contains a wildcard in "
- "sudoHost attribute."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><note><para>
--#: sssd-ldap.5.xml:1587
-+#: sssd-ldap.5.xml:1622
- msgid ""
- "Using wildcard is an operation that is very costly to evaluate on the LDAP "
- "server side!"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1599
-+#: sssd-ldap.5.xml:1634
- msgid ""
- "This manual page only describes attribute name mapping.  For detailed "
- "explanation of sudo related attribute semantics, see <citerefentry> "
-@@ -6219,59 +6249,59 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1609
-+#: sssd-ldap.5.xml:1644
- msgid "AUTOFS OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1611
-+#: sssd-ldap.5.xml:1646
- msgid ""
- "Some of the defaults for the parameters below are dependent on the LDAP "
- "schema."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1617
-+#: sssd-ldap.5.xml:1652
- msgid "ldap_autofs_map_master_name (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1620
-+#: sssd-ldap.5.xml:1655
- msgid "The name of the automount master map in LDAP."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ldap.5.xml:1623
-+#: sssd-ldap.5.xml:1658
- msgid "Default: auto.master"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1634
-+#: sssd-ldap.5.xml:1669
- msgid "ADVANCED OPTIONS"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1641
-+#: sssd-ldap.5.xml:1676
- msgid "ldap_netgroup_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1646
-+#: sssd-ldap.5.xml:1681
- msgid "ldap_user_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1651
-+#: sssd-ldap.5.xml:1686
- msgid "ldap_group_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
--#: sssd-ldap.5.xml:1656
-+#: sssd-ldap.5.xml:1691
- msgid "<note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
--#: sssd-ldap.5.xml:1658
-+#: sssd-ldap.5.xml:1693
- msgid ""
- "If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
- "against Active Directory will not be restricted and return all groups "
-@@ -6280,22 +6310,22 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist>
--#: sssd-ldap.5.xml:1665
-+#: sssd-ldap.5.xml:1700
- msgid "</note>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1667
-+#: sssd-ldap.5.xml:1702
- msgid "ldap_sudo_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ldap.5.xml:1672
-+#: sssd-ldap.5.xml:1707
- msgid "ldap_autofs_search_base (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1636
-+#: sssd-ldap.5.xml:1671
- msgid ""
- "These options are supported by LDAP domains, but they should be used with "
- "caution. Please include them in your configuration only if you know what you "
-@@ -6304,14 +6334,14 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1687 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
--#: sssd-ad.5.xml:1209 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
-+#: sssd-ldap.5.xml:1722 sssd-simple.5.xml:131 sssd-ipa.5.xml:843
-+#: sssd-ad.5.xml:1229 sssd-krb5.5.xml:604 sss_rpcidmapd.5.xml:98
- #: sssd-files.5.xml:130 sssd-session-recording.5.xml:144
- msgid "EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1689
-+#: sssd-ldap.5.xml:1724
- msgid ""
- "The following example assumes that SSSD is correctly configured and LDAP is "
- "set to one of the domains in the <replaceable>[domains]</replaceable> "
-@@ -6319,7 +6349,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1695
-+#: sssd-ldap.5.xml:1730
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6332,27 +6362,27 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <refsect1><refsect2><para>
--#: sssd-ldap.5.xml:1694 sssd-ldap.5.xml:1712 sssd-simple.5.xml:139
--#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1217 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
-+#: sssd-ldap.5.xml:1729 sssd-ldap.5.xml:1747 sssd-simple.5.xml:139
-+#: sssd-ipa.5.xml:851 sssd-ad.5.xml:1237 sssd-sudo.5.xml:56 sssd-krb5.5.xml:613
- #: sssd-files.5.xml:137 sssd-files.5.xml:148 sssd-session-recording.5.xml:150
- #: include/ldap_id_mapping.xml:105
- msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1706
-+#: sssd-ldap.5.xml:1741
- msgid "LDAP ACCESS FILTER EXAMPLE"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1708
-+#: sssd-ldap.5.xml:1743
- msgid ""
- "The following example assumes that SSSD is correctly configured and to use "
- "the ldap_access_order=lockout."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ldap.5.xml:1713
-+#: sssd-ldap.5.xml:1748
- #, no-wrap
- msgid ""
- "[domain/LDAP]\n"
-@@ -6368,13 +6398,13 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
--#: sssd-ldap.5.xml:1728 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
--#: sssd-ad.5.xml:1232 sssd.8.xml:257 sss_seed.8.xml:163
-+#: sssd-ldap.5.xml:1763 sssd_krb5_locator_plugin.8.xml:83 sssd-simple.5.xml:148
-+#: sssd-ad.5.xml:1252 sssd.8.xml:257 sss_seed.8.xml:163
- msgid "NOTES"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ldap.5.xml:1730
-+#: sssd-ldap.5.xml:1765
- msgid ""
- "The descriptions of some of the configuration options in this manual page "
- "are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
-@@ -7904,7 +7934,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1019
-+#: sssd-ipa.5.xml:128 sssd-ad.5.xml:1039
- msgid "dyndns_update (boolean)"
- msgstr ""
- 
-@@ -7919,7 +7949,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1033
-+#: sssd-ipa.5.xml:140 sssd-ad.5.xml:1053
- msgid ""
- "NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
- "the default Kerberos realm must be set properly in /etc/krb5.conf"
-@@ -7934,12 +7964,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1044
-+#: sssd-ipa.5.xml:157 sssd-ad.5.xml:1064
- msgid "dyndns_ttl (integer)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1047
-+#: sssd-ipa.5.xml:160 sssd-ad.5.xml:1067
- msgid ""
- "The TTL to apply to the client DNS record when updating it.  If "
- "dyndns_update is false this has no effect. This will override the TTL "
-@@ -7960,12 +7990,12 @@ msgid "Default: 1200 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1058
-+#: sssd-ipa.5.xml:177 sssd-ad.5.xml:1078
- msgid "dyndns_iface (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1061
-+#: sssd-ipa.5.xml:180 sssd-ad.5.xml:1081
- msgid ""
- "Optional. Applicable only when dyndns_update is true. Choose the interface "
- "or a list of interfaces whose IP addresses should be used for dynamic DNS "
-@@ -7989,17 +8019,17 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1072
-+#: sssd-ipa.5.xml:197 sssd-ad.5.xml:1092
- msgid "Example: dyndns_iface = em1, vnet1, vnet2"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1123
-+#: sssd-ipa.5.xml:203 sssd-ad.5.xml:1143
- msgid "dyndns_auth (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1126
-+#: sssd-ipa.5.xml:206 sssd-ad.5.xml:1146
- msgid ""
- "Whether the nsupdate utility should use GSS-TSIG authentication for secure "
- "updates with the DNS server, insecure updates can be sent by setting this "
-@@ -8007,7 +8037,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1132
-+#: sssd-ipa.5.xml:212 sssd-ad.5.xml:1152
- msgid "Default: GSS-TSIG"
- msgstr ""
- 
-@@ -8034,7 +8064,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1078
-+#: sssd-ipa.5.xml:244 sssd-ad.5.xml:1098
- msgid "dyndns_refresh_interval (integer)"
- msgstr ""
- 
-@@ -8047,12 +8077,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1096
-+#: sssd-ipa.5.xml:260 sssd-ad.5.xml:1116
- msgid "dyndns_update_ptr (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1099
-+#: sssd-ipa.5.xml:263 sssd-ad.5.xml:1119
- msgid ""
- "Whether the PTR record should also be explicitly updated when updating the "
- "client's DNS records.  Applicable only when dyndns_update is true."
-@@ -8071,60 +8101,60 @@ msgid "Default: False (disabled)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1110
-+#: sssd-ipa.5.xml:280 sssd-ad.5.xml:1130
- msgid "dyndns_force_tcp (bool)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1113
-+#: sssd-ipa.5.xml:283 sssd-ad.5.xml:1133
- msgid ""
- "Whether the nsupdate utility should default to using TCP for communicating "
- "with the DNS server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1117
-+#: sssd-ipa.5.xml:287 sssd-ad.5.xml:1137
- msgid "Default: False (let nsupdate choose the protocol)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1138
-+#: sssd-ipa.5.xml:293 sssd-ad.5.xml:1158
- msgid "dyndns_server (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1141
-+#: sssd-ipa.5.xml:296 sssd-ad.5.xml:1161
- msgid ""
- "The DNS server to use when performing a DNS update. In most setups, it's "
- "recommended to leave this option unset."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1146
-+#: sssd-ipa.5.xml:301 sssd-ad.5.xml:1166
- msgid ""
- "Setting this option makes sense for environments where the DNS server is "
- "different from the identity server."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1151
-+#: sssd-ipa.5.xml:306 sssd-ad.5.xml:1171
- msgid ""
- "Please note that this option will be only used in fallback attempt when "
- "previous attempt using autodetected settings failed."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1156
-+#: sssd-ipa.5.xml:311 sssd-ad.5.xml:1176
- msgid "Default: None (let nsupdate choose the server)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1162
-+#: sssd-ipa.5.xml:317 sssd-ad.5.xml:1182
- msgid "dyndns_update_per_family (boolean)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1165
-+#: sssd-ipa.5.xml:320 sssd-ad.5.xml:1185
- msgid ""
- "DNS update is by default performed in two steps - IPv4 update and then IPv6 "
- "update. In some cases it might be desirable to perform IPv4 and IPv6 update "
-@@ -8238,26 +8268,26 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
--#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1180
-+#: sssd-ipa.5.xml:458 sssd-ad.5.xml:1200
- msgid "krb5_confd_path (string)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1183
-+#: sssd-ipa.5.xml:461 sssd-ad.5.xml:1203
- msgid ""
- "Absolute path of a directory where SSSD should place Kerberos configuration "
- "snippets."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1187
-+#: sssd-ipa.5.xml:465 sssd-ad.5.xml:1207
- msgid ""
- "To disable the creation of the configuration snippets set the parameter to "
- "'none'."
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1191
-+#: sssd-ipa.5.xml:469 sssd-ad.5.xml:1211
- msgid ""
- "Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
- msgstr ""
-@@ -9697,9 +9727,25 @@ msgstr ""
- msgid "Default: 86400:750 (24h and 15m)"
- msgstr ""
- 
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
-+#: sssd-ad.5.xml:1019
-+msgid "ad_use_ldaps (bool)"
-+msgstr ""
-+
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
- #: sssd-ad.5.xml:1022
- msgid ""
-+"By default SSSD uses the plain LDAP port 389 and the Global Catalog port "
-+"3628. If this option is set to True SSSD will use the LDAPS port 636 and "
-+"Global Catalog port 3629 with LDAPS protection. Since AD does not allow to "
-+"have multiple encryption layers on a single connection and we still want to "
-+"use SASL/GSSAPI or SASL/GSS-SPNEGO for authentication the SASL security "
-+"property maxssf is set to 0 (zero)  for those connections."
-+msgstr ""
-+
-+#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
-+#: sssd-ad.5.xml:1042
-+msgid ""
- "Optional. This option tells SSSD to automatically update the Active "
- "Directory DNS server with the IP address of this client. The update is "
- "secured using GSS-TSIG. As a consequence, the Active Directory administrator "
-@@ -9709,19 +9755,19 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1052
-+#: sssd-ad.5.xml:1072
- msgid "Default: 3600 (seconds)"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1068
-+#: sssd-ad.5.xml:1088
- msgid ""
- "Default: Use the IP addresses of the interface which is used for AD LDAP "
- "connection"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1081
-+#: sssd-ad.5.xml:1101
- msgid ""
- "How often should the back end perform periodic DNS update in addition to the "
- "automatic update performed when the back end goes online.  This option is "
-@@ -9731,12 +9777,12 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
--#: sssd-ad.5.xml:1104 sss_rpcidmapd.5.xml:76
-+#: sssd-ad.5.xml:1124 sss_rpcidmapd.5.xml:76
- msgid "Default: True"
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1211
-+#: sssd-ad.5.xml:1231
- msgid ""
- "The following example assumes that SSSD is correctly configured and example."
- "com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
-@@ -9744,7 +9790,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1218
-+#: sssd-ad.5.xml:1238
- #, no-wrap
- msgid ""
- "[domain/EXAMPLE]\n"
-@@ -9759,7 +9805,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><programlisting>
--#: sssd-ad.5.xml:1238
-+#: sssd-ad.5.xml:1258
- #, no-wrap
- msgid ""
- "access_provider = ldap\n"
-@@ -9768,7 +9814,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1234
-+#: sssd-ad.5.xml:1254
- msgid ""
- "The AD access control provider checks if the account is expired.  It has the "
- "same effect as the following configuration of the LDAP provider: "
-@@ -9776,7 +9822,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1244
-+#: sssd-ad.5.xml:1264
- msgid ""
- "However, unless the <quote>ad</quote> access control provider is explicitly "
- "configured, the default access provider is <quote>permit</quote>. Please "
-@@ -9786,7 +9832,7 @@ msgid ""
- msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
--#: sssd-ad.5.xml:1252
-+#: sssd-ad.5.xml:1272
- msgid ""
- "When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
- "attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
-@@ -13905,10 +13951,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:225
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 64"
--msgstr "默认: 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
- #: sssd-kcm.8.xml:230
-@@ -13924,10 +13968,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
- #: sssd-kcm.8.xml:237
--#, fuzzy
--#| msgid "Default: 3"
- msgid "Default: 65536"
--msgstr "默认: 3"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para>
- #: sssd-kcm.8.xml:247
-@@ -15430,10 +15472,8 @@ msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><title>
- #: sssd-ldap-attributes.5.xml:968
--#, fuzzy
--#| msgid "SERVICES SECTIONS"
- msgid "SERVICE ATTRIBUTES"
--msgstr "服务部分"
-+msgstr ""
- 
- #. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
- #: sssd-ldap-attributes.5.xml:972
--- 
-2.20.1
-
diff --git a/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch b/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
new file mode 100644
index 0000000..4b519b7
--- /dev/null
+++ b/SOURCES/0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
@@ -0,0 +1,44 @@
+From 8c642a542245a9f9fde5c2de9c96082b4c0d0963 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Mon, 11 May 2020 21:26:13 +0200
+Subject: [PATCH 17/19] ad: remove unused trust_type from ad_subdom_store()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_subdomains.c | 8 --------
+ 1 file changed, 8 deletions(-)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index a9a552ff7..198f5c916 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -576,7 +576,6 @@ ad_subdom_store(struct confdb_ctx *cdb,
+     enum idmap_error_code err;
+     struct ldb_message_element *el;
+     char *sid_str = NULL;
+-    uint32_t trust_type;
+     enum sss_domain_mpg_mode mpg_mode;
+     enum sss_domain_mpg_mode default_mpg_mode;
+ 
+@@ -586,13 +585,6 @@ ad_subdom_store(struct confdb_ctx *cdb,
+         goto done;
+     }
+ 
+-    ret = sysdb_attrs_get_uint32_t(subdom_attrs, AD_AT_TRUST_TYPE,
+-                                   &trust_type);
+-    if (ret != EOK) {
+-        DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_uint32_t failed.\n");
+-        goto done;
+-    }
+-
+     ret = sysdb_attrs_get_string(subdom_attrs, AD_AT_TRUST_PARTNER, &name);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_OP_FAILURE, "failed to get subdomain name\n");
+-- 
+2.21.3
+
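Review bot: The `sysdb_attrs_get_uint32_t(subdom_attrs, AD_AT_TRUST_TYPE, &trust_type)` block removed in the second inner hunk was not purely dead code: on any result other than EOK it jumped to `done`, so ad_subdom_store() stopped processing a subdomain entry whose trust-type attribute could not be read. With the block gone, such entries continue on to the AD_AT_TRUST_PARTNER lookup, a behaviour change the subject line ("remove unused trust_type") does not mention. If accepting entries without that attribute is intended, a short comment where the block was would record it, e.g. `/* AD_AT_TRUST_TYPE is deliberately not required for a subdomain entry */`. ad_subdom_store() starts and ends outside the hunk, so what `done` returns in that case is inferred rather than visible.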
diff --git a/SOURCES/0017-sbus_server-stylistic-rename.patch b/SOURCES/0017-sbus_server-stylistic-rename.patch
deleted file mode 100644
index 40d597d..0000000
--- a/SOURCES/0017-sbus_server-stylistic-rename.patch
+++ /dev/null
@@ -1,43 +0,0 @@
-From faa5dbf6f716bd4ac0a3020a28a1ee6fbf74654a Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 17:22:28 +0100
-Subject: [PATCH 17/23] sbus_server: stylistic rename
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Renamed sbus_server_name_remove_from_table() to
-sbus_server_name_remove_from_table_cb() to keep naming consistent
-with other functions used as `hash_delete_callback` argument of
-sss_ptr_hash_create()
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/sbus/server/sbus_server.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/sbus/server/sbus_server.c b/src/sbus/server/sbus_server.c
-index 5405dae56..2b9327051 100644
---- a/src/sbus/server/sbus_server.c
-+++ b/src/sbus/server/sbus_server.c
-@@ -584,7 +584,7 @@ sbus_server_name_lost(struct sbus_server *server,
- }
- 
- static void
--sbus_server_name_remove_from_table(hash_entry_t *item,
-+sbus_server_name_remove_from_table_cb(hash_entry_t *item,
-                                    hash_destroy_enum type,
-                                    void *pvt)
- {
-@@ -676,7 +676,7 @@ sbus_server_create(TALLOC_CTX *mem_ctx,
-     }
- 
-     sbus_server->names = sss_ptr_hash_create(sbus_server,
--                             sbus_server_name_remove_from_table, sbus_server);
-+                             sbus_server_name_remove_from_table_cb, sbus_server);
-     if (sbus_server->names == NULL) {
-         ret = ENOMEM;
-         goto done;
--- 
-2.20.1
-
diff --git a/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch b/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch
new file mode 100644
index 0000000..23486f2
--- /dev/null
+++ b/SOURCES/0018-ad-add-ad_check_domain_-send-recv.patch
@@ -0,0 +1,283 @@
+From 3ae3286d61ed796f0be7a1d72157af3687bc04a5 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Thu, 7 May 2020 21:26:16 +0200
+Subject: [PATCH 18/19] ad: add ad_check_domain_{send|recv}
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This new request tries to get the basic domain information like domain
+SID and NetBIOS domain name for a domain given by the name. To achieve
+this the needed data is added to general domain structure and the SDAP
+domain structure. If the domain data cannot be looked up the data is
+removed again.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_subdomains.c | 251 +++++++++++++++++++++++++++++++
+ 1 file changed, 251 insertions(+)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 198f5c916..299aa7391 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -2143,3 +2143,254 @@ errno_t ad_subdomains_init(TALLOC_CTX *mem_ctx,
+ 
+     return EOK;
+ }
++
++struct ad_check_domain_state {
++    struct tevent_context *ev;
++    struct be_ctx *be_ctx;
++    struct sdap_id_op *sdap_op;
++    struct ad_id_ctx *dom_id_ctx;
++    struct sdap_options *opts;
++
++    const char *dom_name;
++    struct sss_domain_info *dom;
++    struct sss_domain_info *parent;
++    struct sdap_domain *sdom;
++
++    char *flat;
++    char *site;
++    char *forest;
++    char *sid;
++};
++
++static void ad_check_domain_connect_done(struct tevent_req *subreq);
++static void ad_check_domain_done(struct tevent_req *subreq);
++
++static int ad_check_domain_destructor(void *mem)
++{
++    struct ad_check_domain_state *state = talloc_get_type(mem,
++                                                  struct ad_check_domain_state);
++
++    if (state->sdom != NULL) {
++        DEBUG(SSSDBG_TRACE_ALL, "Removing sdap domain [%s].\n",
++                                state->dom->name);
++        sdap_domain_remove(state->opts, state->dom);
++        /* terminate all requests for this subdomain so we can free it */
++        dp_terminate_domain_requests(state->be_ctx->provider, state->dom->name);
++        talloc_zfree(state->sdom);
++    }
++
++    if (state->dom != NULL) {
++        DEBUG(SSSDBG_TRACE_ALL, "Removing domain [%s].\n", state->dom->name);
++        sss_domain_set_state(state->dom, DOM_DISABLED);
++        DLIST_REMOVE(state->be_ctx->domain->subdomains, state->dom);
++        talloc_zfree(state->dom);
++    }
++
++    return 0;
++}
++
++struct tevent_req *
++ad_check_domain_send(TALLOC_CTX *mem_ctx,
++                     struct tevent_context *ev,
++                     struct be_ctx *be_ctx,
++                     struct ad_id_ctx *ad_id_ctx,
++                     const char *dom_name,
++                     const char *parent_dom_name)
++{
++    errno_t ret;
++    struct tevent_req *req;
++    struct tevent_req *subreq;
++    struct ad_check_domain_state *state;
++
++    req = tevent_req_create(mem_ctx, &state, struct ad_check_domain_state);
++    if (req == NULL) {
++        DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
++        return NULL;
++    }
++
++    state->ev = ev;
++    state->be_ctx = be_ctx;
++    state->opts = ad_id_ctx->sdap_id_ctx->opts;
++    state->dom_name = dom_name;
++    state->parent = NULL;
++    state->sdom = NULL;
++
++    state->dom = find_domain_by_name(be_ctx->domain, dom_name, true);
++    if (state->dom == NULL) {
++        state->parent = find_domain_by_name(be_ctx->domain, parent_dom_name,
++                                            true);
++        if (state->parent == NULL) {
++            DEBUG(SSSDBG_OP_FAILURE,
++                  "Failed to find domain object for domain [%s].\n",
++                  parent_dom_name);
++            ret = ENOENT;
++            goto immediately;
++        }
++
++        state->dom = new_subdomain(state->parent, state->parent, dom_name,
++                                   dom_name, NULL, NULL, MPG_DISABLED, false,
++                                   state->parent->forest,
++                                   NULL, 0, be_ctx->cdb, true);
++        if (state->dom == NULL) {
++            DEBUG(SSSDBG_OP_FAILURE, "new_subdomain() failed.\n");
++            ret = EINVAL;
++            goto immediately;
++        }
++
++        talloc_set_destructor((TALLOC_CTX *) state, ad_check_domain_destructor);
++
++        DLIST_ADD_END(state->parent->subdomains, state->dom,
++                      struct sss_domain_info *);
++
++        ret = sdap_domain_add(state->opts, state->dom, &state->sdom);
++        if (ret != EOK) {
++            DEBUG(SSSDBG_OP_FAILURE, "sdap_domain_subdom_add failed.\n");
++            goto immediately;
++        }
++
++        ret = ad_set_search_bases(ad_id_ctx->ad_options->id, state->sdom);
++        if (ret != EOK) {
++            DEBUG(SSSDBG_MINOR_FAILURE, "failed to set ldap search bases for "
++                  "domain '%s'. Will try to use automatically detected search "
++                  "bases.", state->sdom->dom->name);
++        }
++
++    }
++
++    state->dom_id_ctx = ads_get_dom_id_ctx(be_ctx, ad_id_ctx, state->dom,
++                                           state->opts);
++    if (state->dom_id_ctx == NULL) {
++        DEBUG(SSSDBG_OP_FAILURE, "ads_get_dom_id_ctx() failed.\n");
++        ret = EINVAL;
++        goto immediately;
++    }
++
++    state->sdap_op = sdap_id_op_create(state,
++                             state->dom_id_ctx->sdap_id_ctx->conn->conn_cache);
++    if (state->sdap_op == NULL) {
++        DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create() failed\n");
++         ret = ENOMEM;
++         goto immediately;
++    }
++
++    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
++    if (subreq == NULL) {
++        DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_connect_send() failed "
++              "[%d]: %s\n", ret, sss_strerror(ret));
++         goto immediately;
++    }
++
++    tevent_req_set_callback(subreq, ad_check_domain_connect_done, req);
++
++    return req;
++
++immediately:
++    if (ret == EOK) {
++        tevent_req_done(req);
++    } else {
++        tevent_req_error(req, ret);
++    }
++    tevent_req_post(req, ev);
++
++    return req;
++}
++
++static void ad_check_domain_connect_done(struct tevent_req *subreq)
++{
++    struct tevent_req *req;
++    struct ad_check_domain_state *state;
++    int ret;
++    int dp_error;
++
++    req = tevent_req_callback_data(subreq, struct tevent_req);
++    state = tevent_req_data(req, struct ad_check_domain_state);
++
++    ret = sdap_id_op_connect_recv(subreq, &dp_error);
++    talloc_zfree(subreq);
++
++    if (ret != EOK) {
++        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to connect to LDAP "
++              "[%d]: %s\n", ret, sss_strerror(ret));
++        if (dp_error == DP_ERR_OFFLINE) {
++            DEBUG(SSSDBG_MINOR_FAILURE, "No AD server is available, "
++                  "cannot get the subdomain list while offline\n");
++            ret = ERR_OFFLINE;
++        }
++        tevent_req_error(req, ret);
++        return;
++    }
++
++    subreq = ad_domain_info_send(state, state->ev,
++                                 state->dom_id_ctx->sdap_id_ctx->conn,
++                                 state->sdap_op, state->dom_name);
++
++    tevent_req_set_callback(subreq, ad_check_domain_done, req);
++
++    return;
++}
++
++static void ad_check_domain_done(struct tevent_req *subreq)
++{
++    struct tevent_req *req;
++    struct ad_check_domain_state *state;
++    errno_t ret;
++
++
++    req = tevent_req_callback_data(subreq, struct tevent_req);
++    state = tevent_req_data(req, struct ad_check_domain_state);
++
++    ret = ad_domain_info_recv(subreq, state, &state->flat, &state->sid,
++                              &state->site, &state->forest);
++    talloc_zfree(subreq);
++    if (ret != EOK) {
++        DEBUG(SSSDBG_OP_FAILURE, "Unable to lookup domain information "
++              "[%d]: %s\n", ret, sss_strerror(ret));
++        goto done;
++    }
++    DEBUG(SSSDBG_TRACE_ALL, "%s %s %s %s.\n", state->flat, state->sid,
++                                              state->site, state->forest);
++
++    /* New domain was successfully checked, remove destructor. */
++    talloc_set_destructor(state, NULL);
++
++    ret = EOK;
++
++done:
++    if (ret != EOK) {
++        tevent_req_error(req, ret);
++        return;
++    }
++
++    tevent_req_done(req);
++}
++
++errno_t ad_check_domain_recv(TALLOC_CTX *mem_ctx,
++                             struct tevent_req *req,
++                             char **_flat,
++                             char **_id,
++                             char **_site,
++                             char **_forest)
++{
++    struct ad_check_domain_state *state = tevent_req_data(req,
++                                                  struct ad_check_domain_state);
++
++    TEVENT_REQ_RETURN_ON_ERROR(req);
++
++    if (_flat) {
++        *_flat = talloc_steal(mem_ctx, state->flat);
++    }
++
++    if (_site) {
++        *_site = talloc_steal(mem_ctx, state->site);
++    }
++
++    if (_forest) {
++        *_forest = talloc_steal(mem_ctx, state->forest);
++    }
++
++    if (_id) {
++        *_id = talloc_steal(mem_ctx, state->sid);
++    }
++
++    return EOK;
++}
+-- 
+2.21.3
+
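Review bot: In ad_check_domain_connect_done the result of ad_domain_info_send() is handed to tevent_req_set_callback() without a NULL check, unlike sdap_id_op_connect_send() in ad_check_domain_send, so an allocation failure there becomes a NULL dereference in the backend instead of a failed request. Add `if (subreq == NULL) { tevent_req_error(req, ENOMEM); return; }` before the callback is set. Separately, ad_check_domain_destructor unlinks the temporary domain from `state->be_ctx->domain->subdomains`, while ad_check_domain_send linked it into `state->parent->subdomains`. If the parent can ever be a domain other than be_ctx->domain, the parent's list head would keep pointing at freed memory, so removing from `state->parent->subdomains` looks safer. The trace DEBUG in ad_check_domain_done also prints state->flat, state->sid, state->site and state->forest with `%s` before anything has checked them for NULL.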
diff --git a/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch b/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch
deleted file mode 100644
index 25254a6..0000000
--- a/SOURCES/0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch
+++ /dev/null
@@ -1,91 +0,0 @@
-From adc7730a4e1b9721c93863a1b283457e9c02a3c5 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 17:55:24 +0100
-Subject: [PATCH 18/23] sss_ptr_hash: don't keep empty sss_ptr_hash_delete_data
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There is no need to allocate memory for `sss_ptr_hash_delete_data`
-if table user doesn't provide custom delete callback.
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 36 ++++++++++++++++++++----------------
- 1 file changed, 20 insertions(+), 16 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index 8f9762cb9..f8addec1e 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -138,12 +138,6 @@ sss_ptr_hash_delete_cb(hash_entry_t *item,
-     struct sss_ptr_hash_value *value;
-     struct hash_entry_t callback_entry;
- 
--    data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data);
--    if (data == NULL) {
--        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n");
--        return;
--    }
--
-     value = talloc_get_type(item->value.ptr, struct sss_ptr_hash_value);
-     if (value == NULL) {
-         DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value!\n");
-@@ -157,8 +151,14 @@ sss_ptr_hash_delete_cb(hash_entry_t *item,
-     /* Free value, this also will disable spy */
-     talloc_free(value);
- 
--    /* Switch to the input value and call custom callback. */
--    if (data->callback != NULL) {
-+    if (pvt != NULL) {
-+        /* Switch to the input value and call custom callback. */
-+        data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data);
-+        if (data == NULL) {
-+            DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n");
-+            return;
-+        }
-+
-         data->callback(&callback_entry, deltype, data->pvt);
-     }
- }
-@@ -167,17 +167,19 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
-                                   hash_delete_callback *del_cb,
-                                   void *del_cb_pvt)
- {
--    struct sss_ptr_hash_delete_data *data;
-+    struct sss_ptr_hash_delete_data *data = NULL;
-     hash_table_t *table;
-     errno_t ret;
- 
--    data = talloc_zero(NULL, struct sss_ptr_hash_delete_data);
--    if (data == NULL) {
--        return NULL;
--    }
-+    if (del_cb != NULL) {
-+        data = talloc_zero(NULL, struct sss_ptr_hash_delete_data);
-+        if (data == NULL) {
-+            return NULL;
-+        }
- 
--    data->callback = del_cb;
--    data->pvt = del_cb_pvt;
-+        data->callback = del_cb;
-+        data->pvt = del_cb_pvt;
-+    }
- 
-     ret = sss_hash_create_ex(mem_ctx, 10, &table, 0, 0, 0, 0,
-                              sss_ptr_hash_delete_cb, data);
-@@ -188,7 +190,9 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
-         return NULL;
-     }
- 
--    talloc_steal(table, data);
-+    if (data != NULL) {
-+        talloc_steal(table, data);
-+    }
- 
-     return table;
- }
--- 
-2.20.1
-
diff --git a/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch b/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
new file mode 100644
index 0000000..d1c4eb9
--- /dev/null
+++ b/SOURCES/0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
@@ -0,0 +1,281 @@
+From e25e1e9228a6108d8e94f2e99f3004e6cbfc3349 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Tue, 12 May 2020 16:55:32 +0200
+Subject: [PATCH 19/19] ad: check forest root directly if not present on local
+ DC
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+If the information about the forest root domain cannot be read from the
+local domain-controller it is tried to read it from a DC of the forest
+root directly.
+
+Resolves: https://github.com/SSSD/sssd/issues/5151
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/providers/ad/ad_subdomains.c | 184 +++++++++++++++++++++++++++----
+ 1 file changed, 164 insertions(+), 20 deletions(-)
+
+diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
+index 299aa7391..7c6f51db7 100644
+--- a/src/providers/ad/ad_subdomains.c
++++ b/src/providers/ad/ad_subdomains.c
+@@ -35,6 +35,10 @@
+ #include <ndr.h>
+ #include <ndr/ndr_nbt.h>
+ 
++/* Avoid that ldb_val is overwritten by data_blob.h */
++#undef ldb_val
++#include <ldb.h>
++
+ /* Attributes of AD trusted domains */
+ #define AD_AT_FLATNAME      "flatName"
+ #define AD_AT_SID           "securityIdentifier"
+@@ -1258,15 +1262,37 @@ ads_get_dom_id_ctx(struct be_ctx *be_ctx,
+ 
+ struct ad_get_root_domain_state {
+     struct ad_subdomains_ctx *sd_ctx;
++    struct tevent_context *ev;
+     struct be_ctx *be_ctx;
+     struct sdap_idmap_ctx *idmap_ctx;
+     struct sdap_options *opts;
++    const char *domain;
++    const char *forest;
+ 
++    struct sysdb_attrs **reply;
++    size_t reply_count;
+     struct ad_id_ctx *root_id_ctx;
+     struct sysdb_attrs *root_domain_attrs;
+ };
+ 
+ static void ad_get_root_domain_done(struct tevent_req *subreq);
++static void ad_check_root_domain_done(struct tevent_req *subreq);
++static errno_t
++ad_get_root_domain_refresh(struct ad_get_root_domain_state *state);
++
++struct tevent_req *
++ad_check_domain_send(TALLOC_CTX *mem_ctx,
++                     struct tevent_context *ev,
++                     struct be_ctx *be_ctx,
++                     struct ad_id_ctx *ad_id_ctx,
++                     const char *dom_name,
++                     const char *parent_dom_name);
++errno_t ad_check_domain_recv(TALLOC_CTX *mem_ctx,
++                             struct tevent_req *req,
++                             char **_flat,
++                             char **_id,
++                             char **_site,
++                             char **_forest);
+ 
+ static struct tevent_req *
+ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
+@@ -1305,6 +1331,9 @@ ad_get_root_domain_send(TALLOC_CTX *mem_ctx,
+     state->opts = opts = sd_ctx->sdap_id_ctx->opts;
+     state->be_ctx = sd_ctx->be_ctx;
+     state->idmap_ctx = opts->idmap_ctx;
++    state->ev = ev;
++    state->domain = domain;
++    state->forest = forest;
+ 
+     filter = talloc_asprintf(state, FOREST_ROOT_FILTER_FMT, forest);
+     if (filter == NULL) {
+@@ -1340,17 +1369,14 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+ {
+     struct tevent_req *req;
+     struct ad_get_root_domain_state *state;
+-    struct sysdb_attrs **reply;
+-    struct sss_domain_info *root_domain;
+-    size_t reply_count;
+-    bool has_changes;
+     errno_t ret;
+ 
+     req = tevent_req_callback_data(subreq, struct tevent_req);
+     state = tevent_req_data(req, struct ad_get_root_domain_state);
+ 
+-    ret = sdap_search_bases_return_first_recv(subreq, state, &reply_count,
+-                                              &reply);
++    ret = sdap_search_bases_return_first_recv(subreq, state,
++                                              &state->reply_count,
++                                              &state->reply);
+     talloc_zfree(subreq);
+     if (ret != EOK) {
+         DEBUG(SSSDBG_OP_FAILURE, "Unable to lookup forest root information "
+@@ -1358,19 +1384,142 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+         goto done;
+     }
+ 
+-    if (reply_count == 0) {
+-        DEBUG(SSSDBG_OP_FAILURE, "No information provided for root domain\n");
+-        ret = ENOENT;
+-        goto done;
+-    } else if (reply_count > 1) {
++    if (state->reply_count == 0) {
++        DEBUG(SSSDBG_OP_FAILURE,
++              "No information provided for root domain, trying directly.\n");
++        subreq = ad_check_domain_send(state, state->ev, state->be_ctx,
++                                      state->sd_ctx->ad_id_ctx, state->forest,
++                                      state->domain);
++        if (subreq == NULL) {
++            DEBUG(SSSDBG_OP_FAILURE, "ad_check_domain_send() failed.\n");
++            ret = ENOMEM;
++            goto done;
++        }
++        tevent_req_set_callback(subreq, ad_check_root_domain_done, req);
++        return;
++    } else if (state->reply_count > 1) {
+         DEBUG(SSSDBG_CRIT_FAILURE, "Multiple results for root domain search, "
+               "domain list might be incomplete!\n");
+         ret = ERR_MALFORMED_ENTRY;
+         goto done;
+     }
+ 
++    ret = ad_get_root_domain_refresh(state);
++    if (ret != EOK) {
++        DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
++    }
++
++done:
++    if (ret != EOK) {
++        tevent_req_error(req, ret);
++        return;
++    }
++
++    tevent_req_done(req);
++}
++
++static void ad_check_root_domain_done(struct tevent_req *subreq)
++{
++    struct tevent_req *req;
++    struct ad_get_root_domain_state *state;
++    errno_t ret;
++    char *flat = NULL;
++    char *id = NULL;
++    enum idmap_error_code err;
++    struct ldb_val id_val;
++
++    req = tevent_req_callback_data(subreq, struct tevent_req);
++    state = tevent_req_data(req, struct ad_get_root_domain_state);
++
++    ret = ad_check_domain_recv(state, subreq, &flat, &id, NULL, NULL);
++    talloc_zfree(subreq);
++    if (ret != EOK) {
++        DEBUG(SSSDBG_OP_FAILURE, "Unable to check forest root information "
++              "[%d]: %s\n", ret, sss_strerror(ret));
++        goto done;
++    }
++
++    if (flat == NULL) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              "NetBIOS name of forest root not available.\n");
++        ret = EINVAL;
++        goto done;
++    }
++
++    if (id == NULL) {
++        DEBUG(SSSDBG_CRIT_FAILURE,
++              "Domain SID of forest root not available.\n");
++        ret = EINVAL;
++        goto done;
++    }
++
++    state->reply = talloc_array(state, struct sysdb_attrs *, 1);
++    if (state->reply == NULL) {
++        DEBUG(SSSDBG_OP_FAILURE, "talloc_array() failed.\n");
++        ret = ENOMEM;
++        goto done;
++    }
++
++    state->reply[0] = sysdb_new_attrs(state->reply);
++    if (state->reply[0] == NULL) {
++        DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs() failed.\n");
++        ret = ENOMEM;
++        goto done;
++    }
++
++    ret = sysdb_attrs_add_string(state->reply[0], AD_AT_FLATNAME, flat);
++    if (ret != EOK) {
++        DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
++        goto done;
++    }
++
++    ret = sysdb_attrs_add_string(state->reply[0], AD_AT_TRUST_PARTNER,
++                                 state->forest);
++    if (ret != EOK) {
++        DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
++        goto done;
++    }
++
++    err = sss_idmap_sid_to_bin_sid(state->idmap_ctx->map, id,
++                                   &id_val.data, &id_val.length);
++    if (err != IDMAP_SUCCESS) {
++        DEBUG(SSSDBG_OP_FAILURE,
++              "Could not convert SID: [%s].\n", idmap_error_string(err));
++        ret = EFAULT;
++        goto done;
++    }
++
++    ret = sysdb_attrs_add_val(state->reply[0], AD_AT_SID, &id_val);
++    if (ret != EOK) {
++        DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_string() failed.\n");
++        goto done;
++    }
++
++    state->reply_count = 1;
++
++    ret = ad_get_root_domain_refresh(state);
++    if (ret != EOK) {
++        DEBUG(SSSDBG_OP_FAILURE, "ad_get_root_domain_refresh() failed.\n");
++    }
++
++done:
++    if (ret != EOK) {
++        tevent_req_error(req, ret);
++        return;
++    }
++
++    tevent_req_done(req);
++}
++
++static errno_t
++ad_get_root_domain_refresh(struct ad_get_root_domain_state *state)
++{
++    struct sss_domain_info *root_domain;
++    bool has_changes;
++    errno_t ret;
++
+     ret = ad_subdomains_refresh(state->be_ctx, state->idmap_ctx, state->opts,
+-                                reply, reply_count, true,
++                                state->reply, state->reply_count, true,
+                                 &state->sd_ctx->last_refreshed,
+                                 &has_changes);
+     if (ret != EOK) {
+@@ -1387,8 +1536,8 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+         }
+     }
+ 
+-    state->root_domain_attrs = reply[0];
+-    root_domain = ads_get_root_domain(state->be_ctx, reply[0]);
++    state->root_domain_attrs = state->reply[0];
++    root_domain = ads_get_root_domain(state->be_ctx, state->reply[0]);
+     if (root_domain == NULL) {
+         DEBUG(SSSDBG_OP_FAILURE, "Could not find the root domain\n");
+         ret = EFAULT;
+@@ -1407,12 +1556,7 @@ static void ad_get_root_domain_done(struct tevent_req *subreq)
+     ret = EOK;
+ 
+ done:
+-    if (ret != EOK) {
+-        tevent_req_error(req, ret);
+-        return;
+-    }
+-
+-    tevent_req_done(req);
++    return ret;
+ }
+ 
+ static errno_t ad_get_root_domain_recv(TALLOC_CTX *mem_ctx,
+-- 
+2.21.3
+
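Review bot: In ad_check_root_domain_done the buffer that sss_idmap_sid_to_bin_sid() stores in id_val.data is never released on any path after the conversion. If sysdb_attrs_add_val() copies the value rather than taking ownership (its definition is not part of this patch), every fallback lookup leaks the binary SID in a long-running backend process. Consider releasing it once the attribute has been added, on both the success and the error path, e.g. `sss_idmap_free_bin_sid(state->idmap_ctx->map, id_val.data);`. The failure message after that call also reads `sysdb_attrs_add_string() failed.` where `sysdb_attrs_add_val() failed.` is meant, which will mislead anyone reading the log.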
diff --git a/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch b/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch
deleted file mode 100644
index b56423a..0000000
--- a/SOURCES/0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch
+++ /dev/null
@@ -1,62 +0,0 @@
-From d0eb88089b059bfe2da3bd1a3797b89d69119c29 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 19:00:27 +0100
-Subject: [PATCH 19/23] sss_ptr_hash: sss_ptr_hash_delete fix/optimization
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
- - no reason to skip hash_delete() just because sss_ptr_hash_lookup_internal()
-failed
- - avoid excessive lookup if it is not required to free payload
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 17 +++++++++--------
- 1 file changed, 9 insertions(+), 8 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index f8addec1e..7326244e6 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -331,20 +331,21 @@ void sss_ptr_hash_delete(hash_table_t *table,
-     struct sss_ptr_hash_value *value;
-     hash_key_t table_key;
-     int hret;
--    void *ptr;
-+    void *payload;
- 
-     if (table == NULL || key == NULL) {
-         return;
-     }
- 
--    value = sss_ptr_hash_lookup_internal(table, key);
--    if (value == NULL) {
--        /* Value not found. */
--        return;
-+    if (free_value) {
-+        value = sss_ptr_hash_lookup_internal(table, key);
-+        if (value == NULL) {
-+            free_value = false;
-+        } else {
-+            payload = value->ptr;
-+        }
-     }
- 
--    ptr = value->ptr;
--
-     table_key.type = HASH_KEY_STRING;
-     table_key.str = discard_const_p(char, key);
- 
-@@ -357,7 +358,7 @@ void sss_ptr_hash_delete(hash_table_t *table,
- 
-     /* Also free the original value if requested. */
-     if (free_value) {
--        talloc_free(ptr);
-+        talloc_free(payload);
-     }
- 
-     return;
--- 
-2.20.1
-
diff --git a/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch b/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch
new file mode 100644
index 0000000..83826ef
--- /dev/null
+++ b/SOURCES/0020-man-Document-invalid-selinux-context-for-homedirs.patch
@@ -0,0 +1,44 @@
+From d8d743870c459b5ff283c89d78b70d1684bd19a9 Mon Sep 17 00:00:00 2001
+From: Tomas Halman <thalman@redhat.com>
+Date: Wed, 13 May 2020 09:45:56 +0200
+Subject: [PATCH] man: Document invalid selinux context for homedirs
+
+The default value of fallback_homedir expands into path, that is not
+expected by selinux. Generally not only selinux might be affected by
+this default value. This PR documents the issue and recommends
+further steps.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5155
+
+Reviewed-by: Alexey Tikhonov <atikhonov@redhat.com>
+---
+ src/man/include/ad_modified_defaults.xml | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/src/man/include/ad_modified_defaults.xml b/src/man/include/ad_modified_defaults.xml
+index 91623d57a..65c9a0140 100644
+--- a/src/man/include/ad_modified_defaults.xml
++++ b/src/man/include/ad_modified_defaults.xml
+@@ -92,6 +92,18 @@
+                     this fallback behavior, you can explicitly
+                     set "fallback_homedir = %o".
+                 </para>
++                <para>
++                    Note that the system typically expects a home directory
++                    in /home/%u folder. If you decide to use a different
++                    directory structure, some other parts of your system may
++                    need adjustments.
++                </para>
++                <para>
++                    For example automated creation of home directories in
++                    combination with selinux requires selinux adjustment,
++                    otherwise the home directory will be created with wrong
++                    selinux context.
++                </para>
+             </listitem>
+         </itemizedlist>
+     </refsect2>
+-- 
+2.21.3
+
diff --git a/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch b/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch
deleted file mode 100644
index b5a8ee4..0000000
--- a/SOURCES/0020-sss_ptr_hash-removed-redundant-check.patch
+++ /dev/null
@@ -1,35 +0,0 @@
-From 8cc2ce4e9060a71d441a377008fb2f567baa5d92 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 20:07:41 +0100
-Subject: [PATCH 20/23] sss_ptr_hash: removed redundant check
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-`sss_ptr_hash_check_type()` call would take care of this case.
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 6 ------
- 1 file changed, 6 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index 7326244e6..bf111a613 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -268,12 +268,6 @@ sss_ptr_hash_lookup_internal(hash_table_t *table,
-         return NULL;
-     }
- 
--    /* This may happen if we are in delete callback
--     * and we try to search the hash table. */
--    if (table_value.ptr == NULL) {
--        return NULL;
--    }
--
-     if (!sss_ptr_hash_check_type(table_value.ptr, "struct sss_ptr_hash_value")) {
-         return NULL;
-     }
--- 
-2.20.1
-
diff --git a/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch b/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
new file mode 100644
index 0000000..dcfcf7e
--- /dev/null
+++ b/SOURCES/0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
@@ -0,0 +1,37 @@
+From 26c794da31c215fef3e41429f6f13afdaf349bee Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 3 Jun 2020 20:35:04 +0200
+Subject: [PATCH 21/22] pam_sss: add SERVICE_IS_GDM_SMARTCARD
+
+Resolves: https://github.com/SSSD/sssd/issues/5190
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/sss_client/pam_sss.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
+index 69b440774..7e59f0487 100644
+--- a/src/sss_client/pam_sss.c
++++ b/src/sss_client/pam_sss.c
+@@ -71,6 +71,8 @@
+ #define DEBUG_MGS_LEN 1024
+ #define MAX_AUTHTOK_SIZE (1024*1024)
+ #define CHECK_AND_RETURN_PI_STRING(s) ((s != NULL && *s != '\0')? s : "(not available)")
++#define SERVICE_IS_GDM_SMARTCARD(pitem) (strcmp((pitem)->pam_service, \
++                                                "gdm-smartcard") == 0)
+ 
+ static void logger(pam_handle_t *pamh, int level, const char *fmt, ...) {
+     va_list ap;
+@@ -2580,7 +2582,7 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+                     return PAM_AUTHINFO_UNAVAIL;
+                 }
+ 
+-                if (strcmp(pi.pam_service, "gdm-smartcard") == 0
++                if (SERVICE_IS_GDM_SMARTCARD(&pi)
+                         || (flags & PAM_CLI_FLAGS_REQUIRE_CERT_AUTH)) {
+                     ret = check_login_token_name(pamh, &pi, retries,
+                                                  quiet_mode);
+-- 
+2.21.3
+
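Review bot: SERVICE_IS_GDM_SMARTCARD passes `(pitem)->pam_service` straight to strcmp(), and now that the test is a reusable macro, every future caller inherits the assumption that the service name is non-NULL. The neighbouring CHECK_AND_RETURN_PI_STRING guards against NULL strings, which suggests these fields are not always set, though whether pam_service can be NULL at the call sites is not visible in this hunk. Since the result selects the certificate-authentication path, a guarded form is cheap insurance: `#define SERVICE_IS_GDM_SMARTCARD(pitem) ((pitem)->pam_service != NULL && strcmp((pitem)->pam_service, "gdm-smartcard") == 0)`. The body of pam_sss() continues outside the hunk.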
diff --git a/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch b/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch
deleted file mode 100644
index a9a9d8e..0000000
--- a/SOURCES/0021-sss_ptr_hash-fixed-memory-leak.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-From 4bc0c2c7833dd643fc1137daf6519670c05c3736 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Thu, 23 Jan 2020 21:11:16 +0100
-Subject: [PATCH 21/23] sss_ptr_hash: fixed memory leak
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-In case `override` check was failed in _sss_ptr_hash_add()
-`value` was leaking.
-Fixed to do `override` check before value allocation.
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 14 +++++++-------
- 1 file changed, 7 insertions(+), 7 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index bf111a613..114b6edeb 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -217,21 +217,21 @@ errno_t _sss_ptr_hash_add(hash_table_t *table,
-         return ERR_INVALID_DATA_TYPE;
-     }
- 
-+    table_key.type = HASH_KEY_STRING;
-+    table_key.str = discard_const_p(char, key);
-+
-+    if (override == false && hash_has_key(table, &table_key)) {
-+        return EEXIST;
-+    }
-+
-     value = sss_ptr_hash_value_create(table, key, talloc_ptr);
-     if (value == NULL) {
-         return ENOMEM;
-     }
- 
--    table_key.type = HASH_KEY_STRING;
--    table_key.str = discard_const_p(char, key);
--
-     table_value.type = HASH_VALUE_PTR;
-     table_value.ptr = value;
- 
--    if (override == false && hash_has_key(table, &table_key)) {
--        return EEXIST;
--    }
--
-     hret = hash_enter(table, &table_key, &table_value);
-     if (hret != HASH_SUCCESS) {
-         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add key %s!\n", key);
--- 
-2.20.1
-
diff --git a/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch b/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch
new file mode 100644
index 0000000..fd8d83d
--- /dev/null
+++ b/SOURCES/0022-pam_sss-special-handling-for-gdm-smartcard.patch
@@ -0,0 +1,80 @@
+From 3ed254765fc92e9cc9e4c35335818eaf1256e0d6 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Wed, 3 Jun 2020 20:36:54 +0200
+Subject: [PATCH 22/22] pam_sss: special handling for gdm-smartcard
+
+The gdm-smartcard service is special since it is triggered by the
+presence of a Smartcard and even in the case of an error it will
+immediately try again. To break this loop we should ask for an user
+input and asking for a PIN is most straight forward and would show the
+same behavior as pam_pkcs11.
+
+Additionally it does not make sense to fall back the a password prompt
+for gdm-smartcard so also here a PIN prompt should be shown.
+
+Resolves: https://github.com/SSSD/sssd/issues/5190
+
+Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
+---
+ src/sss_client/pam_sss.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
+index 7e59f0487..093e53af5 100644
+--- a/src/sss_client/pam_sss.c
++++ b/src/sss_client/pam_sss.c
+@@ -1835,8 +1835,13 @@ static int prompt_sc_pin(pam_handle_t *pamh, struct pam_items *pi)
+     struct pam_message m[2] = { { 0 }, { 0 } };
+     struct pam_response *resp = NULL;
+     struct cert_auth_info *cai = pi->selected_cert;
++    struct cert_auth_info empty_cai = { NULL, NULL, discard_const("Smartcard"),
++                                        NULL, NULL, NULL, NULL, NULL };
+ 
+-    if (cai == NULL || cai->token_name == NULL || *cai->token_name == '\0') {
++    if (cai == NULL && SERVICE_IS_GDM_SMARTCARD(pi)) {
++        cai = &empty_cai;
++    } else if (cai == NULL || cai->token_name == NULL
++                    || *cai->token_name == '\0') {
+         return PAM_SYSTEM_ERR;
+     }
+ 
+@@ -2188,6 +2193,9 @@ static int get_authtok_for_authentication(pam_handle_t *pamh,
+                     }
+                 }
+                 ret = prompt_sc_pin(pamh, pi);
++            } else if (SERVICE_IS_GDM_SMARTCARD(pi)) {
++               /* Use pin prompt as fallback for gdm-smartcard */
++                ret = prompt_sc_pin(pamh, pi);
+             } else {
+                 ret = prompt_password(pamh, pi, _("Password: "));
+             }
+@@ -2496,7 +2504,7 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+ {
+     int ret;
+     int pam_status;
+-    struct pam_items pi;
++    struct pam_items pi = { 0 };
+     uint32_t flags = 0;
+     const int *exp_data;
+     int *pw_exp_data;
+@@ -2570,7 +2578,8 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+                         /*
+                          * Since we are only interested in the result message
+                          * and will always use password authentication
+-                         * as a fallback, errors can be ignored here.
++                         * as a fallback (except for gdm-smartcard),
++                         * errors can be ignored here.
+                          */
+                     }
+                 }
+@@ -2588,7 +2597,6 @@ static int pam_sss(enum sss_cli_command task, pam_handle_t *pamh,
+                                                  quiet_mode);
+                     if (ret != PAM_SUCCESS) {
+                         D(("check_login_token_name failed.\n"));
+-                        return ret;
+                     }
+                 }
+ 
+-- 
+2.21.3
+
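Review bot: In the last inner hunk of this patch (pam_sss(), at the `check_login_token_name failed` debug line) the `return ret;` is dropped for every service that reaches that call, not only gdm-smartcard, so a failure status from check_login_token_name() is now logged and then discarded. The condition guarding the call is outside the hunk, so which services reach it cannot be confirmed from here; if only gdm-smartcard is meant to continue to the PIN prompt, keep the early exit for the rest with `if (!SERVICE_IS_GDM_SMARTCARD(&pi)) return ret;` after the debug line. If continuing is intended for all of them, a comment there should name the later step that turns the failure into a prompt or an error. Separately, `empty_cai` in prompt_sc_pin() is initialised positionally; assuming the third member is `token_name`, `struct cert_auth_info empty_cai = { .token_name = discard_const("Smartcard") };` would not depend on the field order.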
diff --git a/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch b/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch
deleted file mode 100644
index c58fbd8..0000000
--- a/SOURCES/0022-sss_ptr_hash-internal-refactoring.patch
+++ /dev/null
@@ -1,366 +0,0 @@
-From 0bb1289252eec972ea26721a92adc7db47383f76 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Fri, 24 Jan 2020 23:57:39 +0100
-Subject: [PATCH 22/23] sss_ptr_hash: internal refactoring
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-sss_ptr_hash code was refactored:
- - got rid of a "spy" to make logic cleaner
- - table got destructor to wipe its content
- - described some usage limitation in the documentation
-
-And resolves: https://pagure.io/SSSD/sssd/issue/4135
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/util/sss_ptr_hash.c | 183 +++++++++++++++++-----------------------
- src/util/sss_ptr_hash.h |  17 +++-
- 2 files changed, 91 insertions(+), 109 deletions(-)
-
-diff --git a/src/util/sss_ptr_hash.c b/src/util/sss_ptr_hash.c
-index 114b6edeb..6409236c7 100644
---- a/src/util/sss_ptr_hash.c
-+++ b/src/util/sss_ptr_hash.c
-@@ -39,67 +39,35 @@ static bool sss_ptr_hash_check_type(void *ptr, const char *type)
-     return true;
- }
- 
-+static int sss_ptr_hash_table_destructor(hash_table_t *table)
-+{
-+    sss_ptr_hash_delete_all(table, false);
-+    return 0;
-+}
-+
- struct sss_ptr_hash_delete_data {
-     hash_delete_callback *callback;
-     void *pvt;
- };
- 
- struct sss_ptr_hash_value {
--    struct sss_ptr_hash_spy *spy;
--    void *ptr;
--};
--
--struct sss_ptr_hash_spy {
--    struct sss_ptr_hash_value *value;
-     hash_table_t *table;
-     const char *key;
-+    void *payload;
- };
- 
--static int
--sss_ptr_hash_spy_destructor(struct sss_ptr_hash_spy *spy)
--{
--    spy->value->spy = NULL;
--
--    /* This results in removing entry from hash table and freeing the value. */
--    sss_ptr_hash_delete(spy->table, spy->key, false);
--
--    return 0;
--}
--
--static struct sss_ptr_hash_spy *
--sss_ptr_hash_spy_create(TALLOC_CTX *mem_ctx,
--                        hash_table_t *table,
--                        const char *key,
--                        struct sss_ptr_hash_value *value)
--{
--    struct sss_ptr_hash_spy *spy;
--
--    spy = talloc_zero(mem_ctx, struct sss_ptr_hash_spy);
--    if (spy == NULL) {
--        DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
--        return NULL;
--    }
--
--    spy->key = talloc_strdup(spy, key);
--    if (spy->key == NULL) {
--        talloc_free(spy);
--        return NULL;
--    }
--
--    spy->table = table;
--    spy->value = value;
--    talloc_set_destructor(spy, sss_ptr_hash_spy_destructor);
--
--    return spy;
--}
--
- static int
- sss_ptr_hash_value_destructor(struct sss_ptr_hash_value *value)
- {
--    if (value->spy != NULL) {
--        /* Disable spy destructor and free it. */
--        talloc_set_destructor(value->spy, NULL);
--        talloc_zfree(value->spy);
-+    hash_key_t table_key;
-+
-+    if (value->table && value->key) {
-+        table_key.type = HASH_KEY_STRING;
-+        table_key.str = discard_const_p(char, value->key);
-+        if (hash_delete(value->table, &table_key) != HASH_SUCCESS) {
-+            DEBUG(SSSDBG_CRIT_FAILURE,
-+                  "failed to delete entry with key '%s'\n", value->key);
-+        }
-     }
- 
-     return 0;
-@@ -112,18 +80,19 @@ sss_ptr_hash_value_create(hash_table_t *table,
- {
-     struct sss_ptr_hash_value *value;
- 
--    value = talloc_zero(table, struct sss_ptr_hash_value);
-+    value = talloc_zero(talloc_ptr, struct sss_ptr_hash_value);
-     if (value == NULL) {
-         return NULL;
-     }
- 
--    value->spy = sss_ptr_hash_spy_create(talloc_ptr, table, key, value);
--    if (value->spy == NULL) {
-+    value->key = talloc_strdup(value, key);
-+    if (value->key == NULL) {
-         talloc_free(value);
-         return NULL;
-     }
- 
--    value->ptr = talloc_ptr;
-+    value->table = table;
-+    value->payload = talloc_ptr;
-     talloc_set_destructor(value, sss_ptr_hash_value_destructor);
- 
-     return value;
-@@ -138,29 +107,31 @@ sss_ptr_hash_delete_cb(hash_entry_t *item,
-     struct sss_ptr_hash_value *value;
-     struct hash_entry_t callback_entry;
- 
-+    if (pvt == NULL) {
-+        return;
-+    }
-+
-     value = talloc_get_type(item->value.ptr, struct sss_ptr_hash_value);
-     if (value == NULL) {
-         DEBUG(SSSDBG_CRIT_FAILURE, "Invalid value!\n");
-         return;
-     }
- 
-+    /* Switch to the input value and call custom callback. */
-+    data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data);
-+    if (data == NULL) {
-+        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n");
-+        return;
-+    }
-+
-     callback_entry.key = item->key;
-     callback_entry.value.type = HASH_VALUE_PTR;
--    callback_entry.value.ptr = value->ptr;
--
--    /* Free value, this also will disable spy */
--    talloc_free(value);
--
--    if (pvt != NULL) {
--        /* Switch to the input value and call custom callback. */
--        data = talloc_get_type(pvt, struct sss_ptr_hash_delete_data);
--        if (data == NULL) {
--            DEBUG(SSSDBG_CRIT_FAILURE, "Invalid data!\n");
--            return;
--        }
--
--        data->callback(&callback_entry, deltype, data->pvt);
--    }
-+    callback_entry.value.ptr = value->payload;
-+    /* Even if execution is already in the context of
-+     * talloc_free(payload) -> talloc_free(value) -> ...
-+     * there still might be legitimate reasons to execute callback.
-+     */
-+    data->callback(&callback_entry, deltype, data->pvt);
- }
- 
- hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
-@@ -194,6 +165,8 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
-         talloc_steal(table, data);
-     }
- 
-+    talloc_set_destructor(table, sss_ptr_hash_table_destructor);
-+
-     return table;
- }
- 
-@@ -282,15 +255,15 @@ void *_sss_ptr_hash_lookup(hash_table_t *table,
-     struct sss_ptr_hash_value *value;
- 
-     value = sss_ptr_hash_lookup_internal(table, key);
--    if (value == NULL || value->ptr == NULL) {
-+    if (value == NULL || value->payload == NULL) {
-         return NULL;
-     }
- 
--    if (!sss_ptr_hash_check_type(value->ptr, type)) {
-+    if (!sss_ptr_hash_check_type(value->payload, type)) {
-         return NULL;
-     }
- 
--    return value->ptr;
-+    return value->payload;
- }
- 
- void *_sss_ptr_get_value(hash_value_t *table_value,
-@@ -311,11 +284,11 @@ void *_sss_ptr_get_value(hash_value_t *table_value,
- 
-     value = table_value->ptr;
- 
--    if (!sss_ptr_hash_check_type(value->ptr, type)) {
-+    if (!sss_ptr_hash_check_type(value->payload, type)) {
-         return NULL;
-     }
- 
--    return value->ptr;
-+    return value->payload;
- }
- 
- void sss_ptr_hash_delete(hash_table_t *table,
-@@ -323,74 +296,70 @@ void sss_ptr_hash_delete(hash_table_t *table,
-                          bool free_value)
- {
-     struct sss_ptr_hash_value *value;
--    hash_key_t table_key;
--    int hret;
--    void *payload;
-+    void *payload = NULL;
- 
-     if (table == NULL || key == NULL) {
-         return;
-     }
- 
--    if (free_value) {
--        value = sss_ptr_hash_lookup_internal(table, key);
--        if (value == NULL) {
--            free_value = false;
--        } else {
--            payload = value->ptr;
--        }
--    }
--
--    table_key.type = HASH_KEY_STRING;
--    table_key.str = discard_const_p(char, key);
--
--    /* Delete table entry. This will free value and spy in delete callback. */
--    hret = hash_delete(table, &table_key);
--    if (hret != HASH_SUCCESS && hret != HASH_ERROR_KEY_NOT_FOUND) {
--        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to remove key from table [%d]\n",
--              hret);
-+    value = sss_ptr_hash_lookup_internal(table, key);
-+    if (value == NULL) {
-+        DEBUG(SSSDBG_CRIT_FAILURE,
-+              "Unable to remove key '%s' from table\n", key);
-+        return;
-     }
- 
--    /* Also free the original value if requested. */
-     if (free_value) {
--        talloc_free(payload);
-+        payload = value->payload;
-     }
- 
-+    talloc_free(value); /* this will call hash_delete() in value d-tor */
-+
-+    talloc_free(payload); /* it is safe to call talloc_free(NULL) */
-+
-     return;
- }
- 
- void sss_ptr_hash_delete_all(hash_table_t *table,
-                              bool free_values)
- {
-+    hash_value_t *content;
-     struct sss_ptr_hash_value *value;
--    hash_value_t *values;
-+    void *payload = NULL;
-     unsigned long count;
-     unsigned long i;
-     int hret;
--    void *ptr;
- 
-     if (table == NULL) {
-         return;
-     }
- 
--    hret = hash_values(table, &count, &values);
-+    hret = hash_values(table, &count, &content);
-     if (hret != HASH_SUCCESS) {
-         DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get values [%d]\n", hret);
-         return;
-     }
- 
--    for (i = 0; i < count; i++) {
--        value = values[i].ptr;
--        ptr = value->ptr;
--
--        /* This will remove the entry from hash table and free value. */
--        talloc_free(value->spy);
--
--        if (free_values) {
--            /* Also free the original value. */
--            talloc_free(ptr);
-+    for (i = 0; i < count; ++i) {
-+        if ((content[i].type == HASH_VALUE_PTR)  &&
-+            sss_ptr_hash_check_type(content[i].ptr,
-+                                    "struct sss_ptr_hash_value")) {
-+            value = content[i].ptr;
-+            if (free_values) {
-+                payload = value->payload;
-+            }
-+            talloc_free(value);
-+            if (free_values) {
-+                talloc_free(payload); /* it's safe to call talloc_free(NULL) */
-+            }
-+        } else {
-+            DEBUG(SSSDBG_CRIT_FAILURE,
-+                  "Unexpected type of table content, skipping");
-         }
-     }
- 
-+    talloc_free(content);
-+
-     return;
- }
- 
-diff --git a/src/util/sss_ptr_hash.h b/src/util/sss_ptr_hash.h
-index 56bb19a65..0889b171a 100644
---- a/src/util/sss_ptr_hash.h
-+++ b/src/util/sss_ptr_hash.h
-@@ -28,7 +28,19 @@
- 
- /**
-  * Create a new hash table with string key and talloc pointer value with
-- * possible delete callback.
-+ * possible custom delete callback @del_cb.
-+ * Table will have destructor setup to wipe content.
-+ * Never call hash_destroy(table) and hash_delete() explicitly but rather
-+ * use talloc_free(table) and sss_ptr_hash_delete().
-+ *
-+ * A notes about @del_cb:
-+ *  - this callback must never modify hash table (i.e. add/del entries);
-+ *  - this callback is triggered when value is either explicitly removed
-+ *    from the table or simply freed (latter leads to removal of an entry
-+ *    from the table);
-+ *  - this callback is also triggered for every entry when table is freed
-+ *    entirely. In this case (deltype == HASH_TABLE_DESTROY) any table
-+ *    lookups / iteration are forbidden as table might be already invalidated.
-  */
- hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
-                                   hash_delete_callback *del_cb,
-@@ -41,7 +53,8 @@ hash_table_t *sss_ptr_hash_create(TALLOC_CTX *mem_ctx,
-  * the value is overridden. Otherwise EEXIST error is returned.
-  *
-  * If talloc_ptr is freed the key and value are automatically
-- * removed from the hash table.
-+ * removed from the hash table (del_cb that was set up during
-+ * table creation is executed as a first step of this removal).
-  *
-  * @return EOK If the <@key, @talloc_ptr> pair was inserted.
-  * @return EEXIST If @key already exists and @override is false.
--- 
-2.20.1
-
diff --git a/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch b/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch
deleted file mode 100644
index 1640cf7..0000000
--- a/SOURCES/0023-TESTS-added-sss_ptr_hash-unit-test.patch
+++ /dev/null
@@ -1,266 +0,0 @@
-From 88b23bf50dd1c12413f3314639de2c3909bd9098 Mon Sep 17 00:00:00 2001
-From: Alexey Tikhonov <atikhono@redhat.com>
-Date: Tue, 28 Jan 2020 19:26:08 +0100
-Subject: [PATCH 23/23] TESTS: added sss_ptr_hash unit test
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- Makefile.am                          |   1 +
- src/tests/cmocka/test_sss_ptr_hash.c | 193 +++++++++++++++++++++++++++
- src/tests/cmocka/test_utils.c        |   9 ++
- src/tests/cmocka/test_utils.h        |   6 +
- 4 files changed, 209 insertions(+)
- create mode 100644 src/tests/cmocka/test_sss_ptr_hash.c
-
-diff --git a/Makefile.am b/Makefile.am
-index 57ba51356..c991f2aa0 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -3054,6 +3054,7 @@ test_ipa_idmap_LDADD = \
- test_utils_SOURCES = \
-     src/tests/cmocka/test_utils.c \
-     src/tests/cmocka/test_string_utils.c \
-+    src/tests/cmocka/test_sss_ptr_hash.c \
-     src/p11_child/p11_child_common_utils.c \
-     $(NULL)
- if BUILD_SSH
-diff --git a/src/tests/cmocka/test_sss_ptr_hash.c b/src/tests/cmocka/test_sss_ptr_hash.c
-new file mode 100644
-index 000000000..1458238f5
---- /dev/null
-+++ b/src/tests/cmocka/test_sss_ptr_hash.c
-@@ -0,0 +1,193 @@
-+/*
-+    Copyright (C) 2020 Red Hat
-+
-+    This program is free software; you can redistribute it and/or modify
-+    it under the terms of the GNU General Public License as published by
-+    the Free Software Foundation; either version 3 of the License, or
-+    (at your option) any later version.
-+
-+    This program is distributed in the hope that it will be useful,
-+    but WITHOUT ANY WARRANTY; without even the implied warranty of
-+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+    GNU General Public License for more details.
-+
-+    You should have received a copy of the GNU General Public License
-+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include "tests/cmocka/common_mock.h"
-+#include "util/sss_ptr_hash.h"
-+
-+static const int MAX_ENTRIES_AMOUNT = 5;
-+
-+static void populate_table(hash_table_t *table, int **payloads)
-+{
-+    char key[2] = {'z', 0};
-+
-+    for (int i = 0; i < MAX_ENTRIES_AMOUNT; ++i) {
-+        payloads[i] = talloc_zero(global_talloc_context, int);
-+        assert_non_null(payloads[i]);
-+        *payloads[i] = i;
-+        key[0] = '0'+(char)i;
-+        assert_int_equal(sss_ptr_hash_add(table, key, payloads[i], int), 0);
-+    }
-+
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT);
-+}
-+
-+static void free_payload_cb(hash_entry_t *item, hash_destroy_enum type, void *pvt)
-+{
-+    int *counter;
-+
-+    assert_non_null(item);
-+    assert_non_null(item->value.ptr);
-+    talloc_zfree(item->value.ptr);
-+
-+    assert_non_null(pvt);
-+    counter = (int *)pvt;
-+    (*counter)++;
-+}
-+
-+void test_sss_ptr_hash_with_free_cb(void **state)
-+{
-+    hash_table_t *table;
-+    int free_counter = 0;
-+    int *payloads[MAX_ENTRIES_AMOUNT];
-+
-+    table = sss_ptr_hash_create(global_talloc_context,
-+                                free_payload_cb,
-+                                &free_counter);
-+    assert_non_null(table);
-+
-+    populate_table(table, payloads);
-+
-+    /* check explicit removal from the hash */
-+    sss_ptr_hash_delete(table, "1", false);
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1);
-+    assert_int_equal(free_counter, 1);
-+
-+    /* check implicit removal triggered by payload deletion */
-+    talloc_free(payloads[3]);
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2);
-+    assert_int_equal(free_counter, 2);
-+
-+    /* try to remove non existent entry */
-+    sss_ptr_hash_delete(table, "q", false);
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2);
-+    assert_int_equal(free_counter, 2);
-+
-+    /* clear all */
-+    sss_ptr_hash_delete_all(table, false);
-+    assert_int_equal((int)hash_count(table), 0);
-+    assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT);
-+
-+    /* check that table is still operable */
-+    populate_table(table, payloads);
-+    sss_ptr_hash_delete(table, "2", false);
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1);
-+    assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT+1);
-+
-+    talloc_free(table);
-+    assert_int_equal(free_counter, MAX_ENTRIES_AMOUNT*2);
-+}
-+
-+struct table_wrapper
-+{
-+    hash_table_t **table;
-+};
-+
-+static void lookup_cb(hash_entry_t *item, hash_destroy_enum type, void *pvt)
-+{
-+    hash_table_t *table;
-+    hash_key_t *keys;
-+    unsigned long count;
-+    int *value = NULL;
-+    int sum = 0;
-+
-+    assert_non_null(pvt);
-+    table = *((struct table_wrapper *)pvt)->table;
-+    assert_non_null(table);
-+
-+    if (type == HASH_TABLE_DESTROY) {
-+        /* table is being destroyed */
-+        return;
-+    }
-+
-+    assert_int_equal(hash_keys(table, &count, &keys), HASH_SUCCESS);
-+    for (unsigned int i = 0; i < count; ++i) {
-+        assert_int_equal(keys[i].type, HASH_KEY_STRING);
-+        value = sss_ptr_hash_lookup(table, keys[i].c_str, int);
-+        assert_non_null(value);
-+        sum += *value;
-+    }
-+    DEBUG(SSSDBG_TRACE_ALL, "sum of all values = %d\n", sum);
-+    talloc_free(keys);
-+}
-+
-+/* main difference with `test_sss_ptr_hash_with_free_cb()`
-+ * is that table cb here doesn't delete payload so
-+ * this is requested via `free_value(s)` arg
-+ */
-+void test_sss_ptr_hash_with_lookup_cb(void **state)
-+{
-+    hash_table_t *table;
-+    struct table_wrapper wrapper;
-+    int *payloads[MAX_ENTRIES_AMOUNT];
-+
-+    wrapper.table = &table;
-+    table = sss_ptr_hash_create(global_talloc_context,
-+                                lookup_cb,
-+                                &wrapper);
-+    assert_non_null(table);
-+
-+    populate_table(table, payloads);
-+
-+    /* check explicit removal from the hash */
-+    sss_ptr_hash_delete(table, "2", true);
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1);
-+
-+    /* check implicit removal triggered by payload deletion */
-+    talloc_free(payloads[0]);
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2);
-+
-+    /* clear all */
-+    sss_ptr_hash_delete_all(table, true);
-+    assert_int_equal((int)hash_count(table), 0);
-+    /* teardown function shall verify there are no leaks
-+     * on global_talloc_context and so that payloads[] were freed
-+     */
-+
-+    /* check that table is still operable */
-+    populate_table(table, payloads);
-+
-+    talloc_free(table);
-+    /* d-tor triggers hash_destroy() but since cb here doesn free payload
-+     * this should be done manually
-+     */
-+    for (int i = 0; i < MAX_ENTRIES_AMOUNT; ++i) {
-+        talloc_free(payloads[i]);
-+    }
-+}
-+
-+/* Just smoke test to verify that absence of cb doesn't break anything */
-+void test_sss_ptr_hash_without_cb(void **state)
-+{
-+    hash_table_t *table;
-+    int *payloads[MAX_ENTRIES_AMOUNT];
-+
-+    table = sss_ptr_hash_create(global_talloc_context, NULL, NULL);
-+    assert_non_null(table);
-+
-+    populate_table(table, payloads);
-+
-+    sss_ptr_hash_delete(table, "4", true);
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-1);
-+
-+    talloc_free(payloads[1]);
-+    assert_int_equal((int)hash_count(table), MAX_ENTRIES_AMOUNT-2);
-+
-+    sss_ptr_hash_delete_all(table, true);
-+    assert_int_equal((int)hash_count(table), 0);
-+
-+    talloc_free(table);
-+}
-diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c
-index 666f32903..c5eda4dd2 100644
---- a/src/tests/cmocka/test_utils.c
-+++ b/src/tests/cmocka/test_utils.c
-@@ -2055,6 +2055,15 @@ int main(int argc, const char *argv[])
-         cmocka_unit_test_setup_teardown(test_sss_get_domain_mappings_content,
-                                         setup_dom_list_with_subdomains,
-                                         teardown_dom_list),
-+        cmocka_unit_test_setup_teardown(test_sss_ptr_hash_with_free_cb,
-+                                        setup_leak_tests,
-+                                        teardown_leak_tests),
-+        cmocka_unit_test_setup_teardown(test_sss_ptr_hash_with_lookup_cb,
-+                                        setup_leak_tests,
-+                                        teardown_leak_tests),
-+        cmocka_unit_test_setup_teardown(test_sss_ptr_hash_without_cb,
-+                                        setup_leak_tests,
-+                                        teardown_leak_tests),
-     };
- 
-     /* Set debug level to invalid value so we can decide if -d 0 was used. */
-diff --git a/src/tests/cmocka/test_utils.h b/src/tests/cmocka/test_utils.h
-index e93e0da25..44b9479f9 100644
---- a/src/tests/cmocka/test_utils.h
-+++ b/src/tests/cmocka/test_utils.h
-@@ -33,4 +33,10 @@ void test_guid_blob_to_string_buf(void **state);
- void test_get_last_x_chars(void **state);
- void test_concatenate_string_array(void **state);
- 
-+/* from src/tests/cmocka/test_sss_ptr_hash.c */
-+void test_sss_ptr_hash_with_free_cb(void **state);
-+void test_sss_ptr_hash_with_lookup_cb(void **state);
-+void test_sss_ptr_hash_without_cb(void **state);
-+
-+
- #endif /* __TESTS__CMOCKA__TEST_UTILS_H__ */
--- 
-2.20.1
-
diff --git a/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch b/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
new file mode 100644
index 0000000..0f0b0ba
--- /dev/null
+++ b/SOURCES/0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
@@ -0,0 +1,36 @@
+From 31e57432537b9d248839159d83cfa9049faf192b Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 19 Jun 2020 13:32:30 +0200
+Subject: [PATCH] pam_sss: make sure old certificate data is removed before
+ retry
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+To avoid that certificates will be shown in the certificate selection
+which are not available anymore they must be remove before a new request
+to look up the certificates is send to SSSD's PAM responder.
+
+Resolves: https://github.com/SSSD/sssd/issues/5190
+
+Reviewed-by: Pavel Březina <pbrezina@redhat.com>
+---
+ src/sss_client/pam_sss.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/sss_client/pam_sss.c b/src/sss_client/pam_sss.c
+index e3ad2c9b2..6a3ba2f50 100644
+--- a/src/sss_client/pam_sss.c
++++ b/src/sss_client/pam_sss.c
+@@ -2467,6 +2467,8 @@ static int check_login_token_name(pam_handle_t *pamh, struct pam_items *pi,
+                         && strcmp(login_token_name,
+                                   pi->cert_list->token_name) != 0)) {
+ 
++        free_cert_list(pi->cert_list);
++        pi->cert_list = NULL;
+         if (retries < 0) {
+             ret = PAM_AUTHINFO_UNAVAIL;
+             goto done;
+-- 
+2.21.3
+
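Review bot: After `free_cert_list(pi->cert_list);` only `pi->cert_list` is cleared, while `struct pam_items` also carries `selected_cert` (prompt_sc_pin() reads `pi->selected_cert`), which would be left dangling if it pointed at an entry of the freed list. Whether it can already be set when check_login_token_name() runs is not visible in this hunk, so this is a precaution rather than a confirmed defect: add `pi->selected_cert = NULL;` next to the two new lines. The enclosing condition starts above the hunk and the function body continues below it.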
diff --git a/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch b/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch
deleted file mode 100644
index e31740a..0000000
--- a/SOURCES/0024-p11_child-check-if-card-is-present-in-wait_for_card.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-From 7b647338a40d701c6a5bb51c48c10a31a6b72699 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 30 Jan 2020 13:14:14 +0100
-Subject: [PATCH 24/25] p11_child: check if card is present in wait_for_card()
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some implementations of C_WaitForSlotEvent() might return even if no
-card was inserted. So it has to be checked if a card is really present.
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4159
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/p11_child/p11_child_openssl.c | 47 ++++++++++++++++---------------
- 1 file changed, 25 insertions(+), 22 deletions(-)
-
-diff --git a/src/p11_child/p11_child_openssl.c b/src/p11_child/p11_child_openssl.c
-index 56601b117..295715612 100644
---- a/src/p11_child/p11_child_openssl.c
-+++ b/src/p11_child/p11_child_openssl.c
-@@ -1546,35 +1546,38 @@ static errno_t wait_for_card(CK_FUNCTION_LIST *module, CK_SLOT_ID *slot_id)
-     CK_RV rv;
-     CK_SLOT_INFO info;
- 
--    rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL);
--    if (rv != CKR_OK) {
--        if (rv != CKR_FUNCTION_NOT_SUPPORTED) {
-+    do {
-+        rv = module->C_WaitForSlotEvent(wait_flags, slot_id, NULL);
-+        if (rv != CKR_OK && rv != CKR_FUNCTION_NOT_SUPPORTED) {
-             DEBUG(SSSDBG_OP_FAILURE,
-                   "C_WaitForSlotEvent failed [%lu][%s].\n",
-                   rv, p11_kit_strerror(rv));
-             return EIO;
-         }
- 
--        /* Poor man's wait */
--        do {
-+        if (rv == CKR_FUNCTION_NOT_SUPPORTED) {
-+            /* Poor man's wait */
-             sleep(10);
--            rv = module->C_GetSlotInfo(*slot_id, &info);
--            if (rv != CKR_OK) {
--                DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n");
--                return EIO;
--            }
--            DEBUG(SSSDBG_TRACE_ALL,
--                  "Description [%s] Manufacturer [%s] flags [%lu] "
--                  "removable [%s] token present [%s].\n",
--                  info.slotDescription, info.manufacturerID, info.flags,
--                  (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false",
--                  (info.flags & CKF_TOKEN_PRESENT) ? "true": "false");
--            if ((info.flags & CKF_REMOVABLE_DEVICE)
--                    && (info.flags & CKF_TOKEN_PRESENT)) {
--                break;
--            }
--        } while (true);
--    }
-+        }
-+
-+        rv = module->C_GetSlotInfo(*slot_id, &info);
-+        if (rv != CKR_OK) {
-+            DEBUG(SSSDBG_OP_FAILURE, "C_GetSlotInfo failed\n");
-+            return EIO;
-+        }
-+        DEBUG(SSSDBG_TRACE_ALL,
-+              "Description [%s] Manufacturer [%s] flags [%lu] "
-+              "removable [%s] token present [%s].\n",
-+              info.slotDescription, info.manufacturerID, info.flags,
-+              (info.flags & CKF_REMOVABLE_DEVICE) ? "true": "false",
-+              (info.flags & CKF_TOKEN_PRESENT) ? "true": "false");
-+
-+        /* Check if really a token is present */
-+        if ((info.flags & CKF_REMOVABLE_DEVICE)
-+                && (info.flags & CKF_TOKEN_PRESENT)) {
-+            break;
-+        }
-+    } while (true);
- 
-     return EOK;
- }
--- 
-2.20.1
-
diff --git a/SOURCES/0024-systemtap-Missing-a-comma.patch b/SOURCES/0024-systemtap-Missing-a-comma.patch
new file mode 100644
index 0000000..b747c2a
--- /dev/null
+++ b/SOURCES/0024-systemtap-Missing-a-comma.patch
@@ -0,0 +1,34 @@
+From 66029529fa0f0e2d16999f22294822deeec5f60b Mon Sep 17 00:00:00 2001
+From: Alejandro Visiedo <avisiedo@redhat.com>
+Date: Thu, 11 Jun 2020 00:36:04 +0200
+Subject: [PATCH] systemtap: Missing a comma
+
+sssd_functions.stp was missing a comma.
+
+Thanks to William Cohen for reporting the issue and the patch to fix it.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1840194
+
+Resolves: https://github.com/SSSD/sssd/issues/5201
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/systemtap/sssd_functions.stp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/systemtap/sssd_functions.stp b/src/systemtap/sssd_functions.stp
+index 1eb140ccf..01f553177 100644
+--- a/src/systemtap/sssd_functions.stp
++++ b/src/systemtap/sssd_functions.stp
+@@ -7,7 +7,7 @@ global TARGET_ID=0, TARGET_AUTH=1, TARGET_ACCESS=2, TARGET_CHPASS=3,
+ global METHOD_CHECK_ONLINE=0, METHOD_ACCOUNT_HANDLER=1, METHOD_AUTH_HANDLER=2,
+        METHOD_ACCESS_HANDLER=3, METHOD_SELINUX_HANDLER=4, METHOD_SUDO_HANDLER=5,
+        METHOD_AUTOFS_HANDLER=6, METHOD_HOSTID_HANDLER=7, METHOD_DOMAINS_HANDLER=8,
+-       METHOD_RESOLVER_HANDLER=9 METHOD_SENTINEL=10
++       METHOD_RESOLVER_HANDLER=9, METHOD_SENTINEL=10
+ 
+ function acct_req_desc(entry_type)
+ {
+-- 
+2.21.3
+
diff --git a/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch b/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch
deleted file mode 100644
index 0127ff5..0000000
--- a/SOURCES/0025-PAM-client-only-require-UID-0-for-private-socket.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From 37780b895199bab991edae6b1eeb91b7b3966bcf Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Thu, 6 Feb 2020 14:50:23 +0100
-Subject: [PATCH 25/25] PAM client: only require UID 0 for private socket
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some privileged services like e.g. gdm might only call with UID 0 but
-with a different GID. This patch removes the GID 0 requirement to access
-to private PAM socket so that e.g. gdm can use the wait-for-card option.
-
-Resolves: https://pagure.io/SSSD/sssd/issue/4159
-
-Reviewed-by: Pavel Březina <pbrezina@redhat.com>
----
- src/sss_client/common.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/sss_client/common.c b/src/sss_client/common.c
-index 270ca8b54..902438c86 100644
---- a/src/sss_client/common.c
-+++ b/src/sss_client/common.c
-@@ -910,8 +910,8 @@ int sss_pam_make_request(enum sss_cli_command cmd,
-         goto out;
-     }
- 
--    /* only root shall use the privileged pipe */
--    if (getuid() == 0 && getgid() == 0) {
-+    /* only UID 0 shall use the privileged pipe */
-+    if (getuid() == 0) {
-         socket_name = SSS_PAM_PRIV_SOCKET_NAME;
-         errno = 0;
-         statret = stat(socket_name, &stat_buf);
--- 
-2.20.1
-
diff --git a/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch b/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
new file mode 100644
index 0000000..2b71ccd
--- /dev/null
+++ b/SOURCES/0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
@@ -0,0 +1,94 @@
+From ffb9ad1331ac5f5d9bf237666aff19f1def77871 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Fri, 26 Jun 2020 12:07:48 +0200
+Subject: [PATCH] proxy: use 'x' as default pwfield only for sssd-shadowutils
+ target
+
+To avoid regression for case where files is used for proxy but authentication
+is handled by other module then pam_unix. E.g. auth_provider = krb
+
+This provides different solution to the ticket and improves the documentation.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5129
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/confdb/confdb.c     | 25 ++++++++++++++++++++-----
+ src/man/sssd.conf.5.xml | 12 +++++++++---
+ 2 files changed, 29 insertions(+), 8 deletions(-)
+
+diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
+index 65ad18dcf..c2daa9a2c 100644
+--- a/src/confdb/confdb.c
++++ b/src/confdb/confdb.c
+@@ -872,7 +872,7 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+     struct sss_domain_info *domain;
+     struct ldb_result *res;
+     TALLOC_CTX *tmp_ctx;
+-    const char *tmp;
++    const char *tmp, *tmp_pam_target, *tmp_auth;
+     int ret, val;
+     uint32_t entry_cache_timeout;
+     char *default_domain;
+@@ -1030,13 +1030,28 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
+     }
+ 
+     if (domain->provider != NULL && strcasecmp(domain->provider, "proxy") == 0) {
+-        /* The password field must be  reported as 'x' for proxy provider
+-         * using files library, else pam_unix won't
+-         * authenticate this entry. */
++        /* The password field must be reported as 'x' for proxy provider
++         * using files library, else pam_unix won't authenticate this entry.
++         * We set this only for sssd-shadowutils target which can be used
++         * to authenticate with pam_unix only. Otherwise we let administrator
++         * to overwrite default * value with pwfield option to avoid regression
++         * on more common use case where remote authentication is required. */
+         tmp = ldb_msg_find_attr_as_string(res->msgs[0],
+                                           CONFDB_PROXY_LIBNAME,
+                                           NULL);
+-        if (tmp != NULL && strcasecmp(tmp, "files") == 0) {
++
++        tmp_auth = ldb_msg_find_attr_as_string(res->msgs[0],
++                                                CONFDB_DOMAIN_AUTH_PROVIDER,
++                                                NULL);
++
++        tmp_pam_target = ldb_msg_find_attr_as_string(res->msgs[0],
++                                                     CONFDB_PROXY_PAM_TARGET,
++                                                     NULL);
++
++        if (tmp != NULL && tmp_pam_target != NULL
++            && strcasecmp(tmp, "files") == 0
++            && (tmp_auth == NULL || strcasecmp(tmp_auth, "proxy") == 0)
++            && strcmp(tmp_pam_target, "sssd-shadowutils") == 0) {
+             domain->pwfield = "x";
+         }
+     }
+diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
+index cae24bb63..44b3b8f20 100644
+--- a/src/man/sssd.conf.5.xml
++++ b/src/man/sssd.conf.5.xml
+@@ -1135,11 +1135,17 @@ fallback_homedir = /home/%u
+                             <quote>password</quote> field.
+                         </para>
+                         <para>
+-                            This option can also be set per-domain.
++                            Default: <quote>*</quote>
+                         </para>
+                         <para>
+-                            Default: <quote>*</quote> (remote domains)
+-                            or <quote>x</quote> (the files domain)
++                            Note: This option can also be set per-domain which
++                            overwrites the value in [nss] section.
++                        </para>
++                        <para>
++                            Default: <quote>not set</quote> (remote domains),
++                            <quote>x</quote> (the files domain),
++                            <quote>x</quote> (proxy domain with nss_files
++                            and sssd-shadowutils target)
+                         </para>
+                     </listitem>
+                 </varlistentry>
+-- 
+2.21.3
+
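Review bot: The new condition in confdb_get_domain_internal matches `tmp_pam_target` with `strcmp`, while the library name and auth provider beside it use `strcasecmp`, and nothing says whether the case-sensitive match is intended. This branch decides whether `pwfield` becomes `x`, which the comment says pam_unix needs to authenticate the entry, so a short comment such as `/* PAM target name is matched case-sensitively on purpose */` would settle it, or `strcasecmp` if it is not intended. The block comment above also reads `default * value`, where the bare asterisk looks like a stray continuation marker; `default '*' value` is clearer. The function starts and ends outside the hunk.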
diff --git a/SOURCES/0026-files-allow-root-membership.patch b/SOURCES/0026-files-allow-root-membership.patch
new file mode 100644
index 0000000..9356e0b
--- /dev/null
+++ b/SOURCES/0026-files-allow-root-membership.patch
@@ -0,0 +1,291 @@
+From 8969c43dc2d8d0800c2f0b509d078378db855622 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
+Date: Tue, 23 Jun 2020 12:05:08 +0200
+Subject: [PATCH] files: allow root membership
+
+There are two use cases that do not work with files provider:
+
+1. User has primary GID 0:
+
+This is fine by itself since SSSD does not store this user in cache and it is
+handled only by `nss_files` so the user (`tuser`) is returned correctly. The
+problem is when you try to resolve group that the user is member of. In this
+case that the membership is missing the group (but only if the user was
+previously resolved and thus stored in negative cache).
+
+```
+tuser:x:1001:0::/home/tuser:/bin/bash
+tuser:x:1001:tuser
+
+// tuser@files is ghost member of the group so it is returned because it is not in negative cache
+$ getent group tuser
+tuser:x:1001:tuser
+
+// expire memcache
+// tuser@files is ghost member but not returned because it is in negative cache
+$ id tuser // returned from nss_files
+uid=1001(tuser) gid=0(root) groups=0(root),1001(tuser)
+[pbrezina /dev/shm/sssd]$ getent group tuser
+tuser:x:1001:
+```
+
+**2. root is member of other group**
+
+The root member is missing from the membership since it was filtered out by
+negative cache.
+
+```
+tuser:x:1001:root
+
+$ id root
+uid=0(root) gid=0(root) groups=0(root),1001(tuser)
+[pbrezina /dev/shm/sssd]$ getent group tuser
+tuser:x:1001:
+```
+
+In files provider, only the users that we do not want to managed are stored
+as ghost member, therefore we can let nss_files handle group that has ghost
+members.
+
+Tests are changed as well to work with this behavior. Users are added when
+required and ghost are expected to return ENOENT.
+
+Resolves:
+https://github.com/SSSD/sssd/issues/5170
+
+Reviewed-by: Sumit Bose <sbose@redhat.com>
+---
+ src/responder/nss/nss_protocol_grent.c | 18 +++++++
+ src/tests/intg/files_ops.py            | 13 +++++
+ src/tests/intg/test_files_provider.py  | 73 ++++++++++++++++----------
+ 3 files changed, 77 insertions(+), 27 deletions(-)
+
+diff --git a/src/responder/nss/nss_protocol_grent.c b/src/responder/nss/nss_protocol_grent.c
+index 9c443d0e7..6d8e71083 100644
+--- a/src/responder/nss/nss_protocol_grent.c
++++ b/src/responder/nss/nss_protocol_grent.c
+@@ -141,6 +141,24 @@ nss_protocol_fill_members(struct sss_packet *packet,
+     members[0] = nss_get_group_members(domain, msg);
+     members[1] = nss_get_group_ghosts(domain, msg, group_name);
+ 
++    if (is_files_provider(domain) && members[1] != NULL) {
++        /* If there is a ghost member in files provider it means that we
++         * did not store the user on purpose (e.g. it has uid or gid 0).
++         * Therefore nss_files does handle the user and therefore we
++         * must let nss_files to also handle this group in order to
++         * provide correct membership. */
++        DEBUG(SSSDBG_TRACE_FUNC,
++              "Unknown members found. nss_files will handle it.\n");
++
++        ret = sss_ncache_set_group(rctx->ncache, false, domain, group_name);
++        if (ret != EOK) {
++            DEBUG(SSSDBG_OP_FAILURE, "sss_ncache_set_group failed.\n");
++        }
++
++        ret = ENOENT;
++        goto done;
++    }
++
+     sss_packet_get_body(packet, &body, &body_len);
+ 
+     num_members = 0;
+diff --git a/src/tests/intg/files_ops.py b/src/tests/intg/files_ops.py
+index c1c4465e7..57959f501 100644
+--- a/src/tests/intg/files_ops.py
++++ b/src/tests/intg/files_ops.py
+@@ -103,6 +103,13 @@ class FilesOps(object):
+ 
+         contents = self._read_contents()
+ 
++    def _has_line(self, key):
++        try:
++            self._get_named_line(key, self._read_contents())
++            return True
++        except KeyError:
++            return False
++
+ 
+ class PasswdOps(FilesOps):
+     """
+@@ -132,6 +139,9 @@ class PasswdOps(FilesOps):
+     def userdel(self, name):
+         self._del_line(name)
+ 
++    def userexist(self, name):
++        return self._has_line(name)
++
+ 
+ class GroupOps(FilesOps):
+     """
+@@ -158,3 +168,6 @@ class GroupOps(FilesOps):
+ 
+     def groupdel(self, name):
+         self._del_line(name)
++
++    def groupexist(self, name):
++        return self._has_line(name)
+diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
+index 023333020..90be198c3 100644
+--- a/src/tests/intg/test_files_provider.py
++++ b/src/tests/intg/test_files_provider.py
+@@ -60,11 +60,13 @@ OV_USER1 = dict(name='ov_user1', passwd='x', uid=10010, gid=20010,
+                 dir='/home/ov/user1',
+                 shell='/bin/ov_user1_shell')
+ 
+-ALT_USER1 = dict(name='altuser1', passwd='x', uid=60001, gid=70001,
++ALT_USER1 = dict(name='alt_user1', passwd='x', uid=60001, gid=70001,
+                  gecos='User for tests from alt files',
+                  dir='/home/altuser1',
+                  shell='/bin/bash')
+ 
++ALL_USERS = [CANARY, USER1, USER2, OV_USER1, ALT_USER1]
++
+ CANARY_GR = dict(name='canary',
+                  gid=300001,
+                  mem=[])
+@@ -365,21 +367,34 @@ def setup_pw_with_canary(passwd_ops_setup):
+     return setup_pw_with_list(passwd_ops_setup, [CANARY])
+ 
+ 
+-def setup_gr_with_list(grp_ops, group_list):
++def add_group_members(pwd_ops, group):
++    members = {x['name']: x for x in ALL_USERS}
++    for member in group['mem']:
++        if pwd_ops.userexist(member):
++            continue
++
++        pwd_ops.useradd(**members[member])
++
++
++def setup_gr_with_list(pwd_ops, grp_ops, group_list):
+     for group in group_list:
++        add_group_members(pwd_ops, group)
+         grp_ops.groupadd(**group)
++
+     ent.assert_group_by_name(CANARY_GR['name'], CANARY_GR)
+     return grp_ops
+ 
+ 
+ @pytest.fixture
+-def add_group_with_canary(group_ops_setup):
+-    return setup_gr_with_list(group_ops_setup, [GROUP1, CANARY_GR])
++def add_group_with_canary(passwd_ops_setup, group_ops_setup):
++    return setup_gr_with_list(
++        passwd_ops_setup, group_ops_setup, [GROUP1, CANARY_GR]
++    )
+ 
+ 
+ @pytest.fixture
+-def setup_gr_with_canary(group_ops_setup):
+-    return setup_gr_with_list(group_ops_setup, [CANARY_GR])
++def setup_gr_with_canary(passwd_ops_setup, group_ops_setup):
++    return setup_gr_with_list(passwd_ops_setup, group_ops_setup, [CANARY_GR])
+ 
+ 
+ def poll_canary(fn, name, threshold=20):
+@@ -766,7 +781,9 @@ def test_gid_zero_does_not_resolve(files_domain_only):
+     assert res == NssReturnCode.NOTFOUND
+ 
+ 
+-def test_add_remove_add_file_group(setup_gr_with_canary, files_domain_only):
++def test_add_remove_add_file_group(
++        setup_pw_with_canary, setup_gr_with_canary, files_domain_only
++):
+     """
+     Test that removing a group is detected and the group
+     is removed from the sssd database. Similarly, an add
+@@ -776,6 +793,7 @@ def test_add_remove_add_file_group(setup_gr_with_canary, files_domain_only):
+     res, group = call_sssd_getgrnam(GROUP1["name"])
+     assert res == NssReturnCode.NOTFOUND
+ 
++    add_group_members(setup_pw_with_canary, GROUP1)
+     setup_gr_with_canary.groupadd(**GROUP1)
+     check_group(GROUP1)
+ 
+@@ -817,8 +835,10 @@ def test_mod_group_gid(add_group_with_canary, files_domain_only):
+ 
+ 
+ @pytest.fixture
+-def add_group_nomem_with_canary(group_ops_setup):
+-    return setup_gr_with_list(group_ops_setup, [GROUP_NOMEM, CANARY_GR])
++def add_group_nomem_with_canary(passwd_ops_setup, group_ops_setup):
++    return setup_gr_with_list(
++        passwd_ops_setup, group_ops_setup, [GROUP_NOMEM, CANARY_GR]
++    )
+ 
+ 
+ def test_getgrnam_no_members(add_group_nomem_with_canary, files_domain_only):
+@@ -911,16 +931,19 @@ def test_getgrnam_ghost(setup_pw_with_canary,
+                         setup_gr_with_canary,
+                         files_domain_only):
+     """
+-    Test that a group with members while the members are not present
+-    are added as ghosts. This is also what nss_files does, getgrnam would
+-    return group members that do not exist as well.
++    Test that group if not found (and will be handled by nss_files) if there
++    are any ghost members.
+     """
+     user_and_group_setup(setup_pw_with_canary,
+                          setup_gr_with_canary,
+                          [],
+                          [GROUP12],
+                          False)
+-    check_group(GROUP12)
++
++    time.sleep(1)
++    res, group = call_sssd_getgrnam(GROUP12["name"])
++    assert res == NssReturnCode.NOTFOUND
++
+     for member in GROUP12['mem']:
+         res, _ = call_sssd_getpwnam(member)
+         assert res == NssReturnCode.NOTFOUND
+@@ -932,7 +955,10 @@ def ghost_and_member_test(pw_ops, grp_ops, reverse):
+                          [USER1],
+                          [GROUP12],
+                          reverse)
+-    check_group(GROUP12)
++
++    time.sleep(1)
++    res, group = call_sssd_getgrnam(GROUP12["name"])
++    assert res == NssReturnCode.NOTFOUND
+ 
+     # We checked that the group added has the same members as group12,
+     # so both user1 and user2. Now check that user1 is a member of
+@@ -1027,28 +1053,21 @@ def test_getgrnam_add_remove_ghosts(setup_pw_with_canary,
+     modgroup = dict(GROUP_NOMEM)
+     modgroup['mem'] = ['user1', 'user2']
+     add_group_nomem_with_canary.groupmod(old_name=modgroup['name'], **modgroup)
+-    check_group(modgroup)
++    time.sleep(1)
++    res, group = call_sssd_getgrnam(modgroup['name'])
++    assert res == sssd_id.NssReturnCode.NOTFOUND
+ 
+     modgroup['mem'] = ['user2']
+     add_group_nomem_with_canary.groupmod(old_name=modgroup['name'], **modgroup)
+-    check_group(modgroup)
++    time.sleep(1)
++    res, group = call_sssd_getgrnam(modgroup['name'])
++    assert res == sssd_id.NssReturnCode.NOTFOUND
+ 
+     res, _ = call_sssd_getpwnam('user1')
+     assert res == NssReturnCode.NOTFOUND
+     res, _ = call_sssd_getpwnam('user2')
+     assert res == NssReturnCode.NOTFOUND
+ 
+-    # Add this user and verify it's been added as a member
+-    pwd_ops.useradd(**USER2)
+-    # The negative cache might still have user2 from the previous request,
+-    # flushing the caches might help to prevent a failed lookup after adding
+-    # the user.
+-    subprocess.call(["sss_cache", "-E"])
+-    res, groups = sssd_id_sync('user2')
+-    assert res == sssd_id.NssReturnCode.SUCCESS
+-    assert len(groups) == 2
+-    assert 'group_nomem' in groups
+-
+ 
+ def realloc_users(pwd_ops, num):
+     # Intentionally not including the last one because
+-- 
+2.21.3
+
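Review bot: In the block added to nss_protocol_fill_members, a failing `sss_ncache_set_group` is logged without its return code, and `ret` is then overwritten with ENOENT, so the reason the negative-cache entry was not stored is lost. Without that entry the group is presumably re-evaluated on every lookup, so the log line should carry the cause: `DEBUG(SSSDBG_OP_FAILURE, "sss_ncache_set_group failed [%d]: %s\n", ret, sss_strerror(ret));`. A one-line comment that the failure is deliberately non-fatal would also help, for example `/* best effort: the group is still handed to nss_files below */`. The `done` label and the origin of `rctx` are outside the hunk, so confirm that jumping there after `members[0]` and `members[1]` are assigned releases whatever the normal path releases.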
diff --git a/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch b/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch
deleted file mode 100644
index 3901ba0..0000000
--- a/SOURCES/0026-ssh-do-not-mix-different-certificate-lists.patch
+++ /dev/null
@@ -1,209 +0,0 @@
-From f9b3c0d1009da8d8dbe273c38d6725100789e57b Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Wed, 8 Jan 2020 13:46:22 +0100
-Subject: [PATCH 26/27] ssh: do not mix different certificate lists
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-There was a list of binary certificates and a list with base64 encoded
-ones which might be different depending on the active matching rules.
-Only the base64 one with the filtered results should be used.
-
-Related to https://pagure.io/SSSD/sssd/issue/4121
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/tests/cmocka/test_cert_utils.c    | 80 +++++++++++++++++++++++++++
- src/util/cert.h                       |  3 +
- src/util/cert/cert_common.c           | 20 +++++++
- src/util/cert/cert_common_p11_child.c | 12 ++--
- 4 files changed, 108 insertions(+), 7 deletions(-)
-
-diff --git a/src/tests/cmocka/test_cert_utils.c b/src/tests/cmocka/test_cert_utils.c
-index 325e49f00..c2c9ca270 100644
---- a/src/tests/cmocka/test_cert_utils.c
-+++ b/src/tests/cmocka/test_cert_utils.c
-@@ -711,6 +711,84 @@ void test_cert_to_ssh_2keys_with_certmap_send(void **state)
-     talloc_free(ev);
- }
- 
-+void test_cert_to_ssh_2keys_with_certmap_2_done(struct tevent_req *req)
-+{
-+    int ret;
-+    struct test_state *ts = tevent_req_callback_data(req, struct test_state);
-+    struct ldb_val *keys;
-+    uint8_t *exp_key;
-+    size_t exp_key_size;
-+    size_t valid_keys;
-+
-+    assert_non_null(ts);
-+    ts->done = true;
-+
-+    ret = cert_to_ssh_key_recv(req, ts, &keys, &valid_keys);
-+    talloc_free(req);
-+    assert_int_equal(ret, 0);
-+    assert_non_null(keys[0].data);
-+    assert_int_equal(valid_keys, 1);
-+
-+    exp_key = sss_base64_decode(ts, SSSD_TEST_CERT_SSH_KEY_0002, &exp_key_size);
-+    assert_non_null(exp_key);
-+    assert_int_equal(keys[0].length, exp_key_size);
-+    assert_memory_equal(keys[0].data, exp_key, exp_key_size);
-+    talloc_free(exp_key);
-+
-+    talloc_free(keys);
-+    sss_certmap_free_ctx(ts->sss_certmap_ctx);
-+}
-+
-+void test_cert_to_ssh_2keys_with_certmap_2_send(void **state)
-+{
-+    int ret;
-+    struct tevent_context *ev;
-+    struct tevent_req *req;
-+    struct ldb_val val[2];
-+
-+    struct test_state *ts = talloc_get_type_abort(*state, struct test_state);
-+    assert_non_null(ts);
-+    ts->done = false;
-+
-+    ret = sss_certmap_init(ts, NULL, NULL, &ts->sss_certmap_ctx);
-+    assert_int_equal(ret, EOK);
-+
-+    ret = sss_certmap_add_rule(ts->sss_certmap_ctx, -1,
-+                               "<SUBJECT>CN=SSSD test cert 0002,.*", NULL,
-+                               NULL);
-+    assert_int_equal(ret, EOK);
-+
-+    val[0].data = sss_base64_decode(ts, SSSD_TEST_CERT_0001,
-+                                          &val[0].length);
-+    assert_non_null(val[0].data);
-+
-+    val[1].data = sss_base64_decode(ts, SSSD_TEST_CERT_0002,
-+                                          &val[1].length);
-+    assert_non_null(val[1].data);
-+
-+    ev = tevent_context_init(ts);
-+    assert_non_null(ev);
-+
-+    req = cert_to_ssh_key_send(ts, ev, -1, P11_CHILD_TIMEOUT,
-+#ifdef HAVE_NSS
-+                            "sql:" ABS_BUILD_DIR "/src/tests/test_CA/p11_nssdb",
-+#else
-+                            ABS_BUILD_DIR "/src/tests/test_CA/SSSD_test_CA.pem",
-+#endif
-+                            ts->sss_certmap_ctx, 2, &val[0], NULL);
-+    assert_non_null(req);
-+
-+    tevent_req_set_callback(req, test_cert_to_ssh_2keys_with_certmap_2_done, ts);
-+
-+    while (!ts->done) {
-+        tevent_loop_once(ev);
-+    }
-+
-+    talloc_free(val[0].data);
-+    talloc_free(val[1].data);
-+    talloc_free(ev);
-+}
-+
- int main(int argc, const char *argv[])
- {
-     poptContext pc;
-@@ -746,6 +824,8 @@ int main(int argc, const char *argv[])
-                                         setup, teardown),
-         cmocka_unit_test_setup_teardown(test_cert_to_ssh_2keys_with_certmap_send,
-                                         setup, teardown),
-+        cmocka_unit_test_setup_teardown(test_cert_to_ssh_2keys_with_certmap_2_send,
-+                                        setup, teardown),
- #endif
-     };
- 
-diff --git a/src/util/cert.h b/src/util/cert.h
-index e0d44e3d6..d038a99f6 100644
---- a/src/util/cert.h
-+++ b/src/util/cert.h
-@@ -52,6 +52,9 @@ errno_t get_ssh_key_from_cert(TALLOC_CTX *mem_ctx,
-                               uint8_t *der_blob, size_t der_size,
-                               uint8_t **key_blob, size_t *key_size);
- 
-+errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64,
-+                                uint8_t **key_blob, size_t *key_size);
-+
- struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
-                                         struct tevent_context *ev,
-                                         int child_debug_fd, time_t timeout,
-diff --git a/src/util/cert/cert_common.c b/src/util/cert/cert_common.c
-index 766877089..511fddd4d 100644
---- a/src/util/cert/cert_common.c
-+++ b/src/util/cert/cert_common.c
-@@ -206,3 +206,23 @@ done:
- 
-     return ret;
- }
-+
-+errno_t get_ssh_key_from_derb64(TALLOC_CTX *mem_ctx, const char *derb64,
-+                                uint8_t **key_blob, size_t *key_size)
-+{
-+    int ret;
-+    uint8_t *der_blob;
-+    size_t der_size;
-+
-+    der_blob = sss_base64_decode(mem_ctx, derb64, &der_size);
-+    if (der_blob == NULL) {
-+        DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
-+        return EIO;
-+    }
-+
-+    ret = get_ssh_key_from_cert(mem_ctx, der_blob, der_size,
-+                                key_blob, key_size);
-+    talloc_free(der_blob);
-+
-+    return ret;
-+}
-diff --git a/src/util/cert/cert_common_p11_child.c b/src/util/cert/cert_common_p11_child.c
-index 80c10eff1..1846ff89a 100644
---- a/src/util/cert/cert_common_p11_child.c
-+++ b/src/util/cert/cert_common_p11_child.c
-@@ -28,7 +28,6 @@ struct cert_to_ssh_key_state {
-     time_t timeout;
-     const char **extra_args;
-     const char **certs;
--    struct ldb_val *bin_certs;
-     struct ldb_val *keys;
-     size_t cert_count;
-     size_t iter;
-@@ -74,7 +73,6 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
-     state->child_debug_fd = (child_debug_fd == -1) ? STDERR_FILENO
-                                                    : child_debug_fd;
-     state->timeout = timeout;
--    state->bin_certs = bin_certs;
-     state->io = talloc(state, struct child_io_fds);
-     if (state->io == NULL) {
-         DEBUG(SSSDBG_OP_FAILURE, "talloc failed.\n");
-@@ -138,6 +136,7 @@ struct tevent_req *cert_to_ssh_key_send(TALLOC_CTX *mem_ctx,
-             ret = EINVAL;
-             goto done;
-         }
-+
-         state->cert_count++;
-     }
- 
-@@ -289,11 +288,10 @@ static void cert_to_ssh_key_done(int child_status,
-     if (valid) {
-         DEBUG(SSSDBG_TRACE_LIBS, "Certificate [%s] is valid.\n",
-                                   state->certs[state->iter]);
--        ret = get_ssh_key_from_cert(state->keys,
--                                    state->bin_certs[state->iter].data,
--                                    state->bin_certs[state->iter].length,
--                                    &state->keys[state->iter].data,
--                                    &state->keys[state->iter].length);
-+        ret = get_ssh_key_from_derb64(state->keys,
-+                                      state->certs[state->iter],
-+                                      &state->keys[state->iter].data,
-+                                      &state->keys[state->iter].length);
-         if (ret == EOK) {
-             state->valid_keys++;
-         } else {
--- 
-2.20.1
-
diff --git a/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch b/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
new file mode 100644
index 0000000..1c4f461
--- /dev/null
+++ b/SOURCES/0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
@@ -0,0 +1,42 @@
+From 100839b64390d7010bfa28552fd9381ef4366496 Mon Sep 17 00:00:00 2001
+From: Sumit Bose <sbose@redhat.com>
+Date: Fri, 26 Jun 2020 09:48:17 +0200
+Subject: [PATCH] PAM: do not treat error for cache-only lookups as fatal
+
+The original fatal error came from a time where at this place in the
+code the response form the backend was checked and an error was clearly
+fatal.
+
+Now we only check if the entry is in the cache and valid. An error would
+mean that the backend is called to lookup or refresh the entry. So the
+backend can change the state of the cache and make upcoming cache
+lookups successful. So it makes sense to not only call the backend if
+ENOENT is returned but for all kind of errors.
+
+Resolves https://pagure.io/SSSD/sssd/issue/4098
+
+Reviewed-by: Pawel Polawski <ppolawsk@redhat.com>
+---
+ src/responder/pam/pamsrv_cmd.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/responder/pam/pamsrv_cmd.c b/src/responder/pam/pamsrv_cmd.c
+index 1cd901f15..666131cb7 100644
+--- a/src/responder/pam/pamsrv_cmd.c
++++ b/src/responder/pam/pamsrv_cmd.c
+@@ -1941,10 +1941,8 @@ static void pam_check_user_search_next(struct tevent_req *req)
+     ret = cache_req_single_domain_recv(preq, req, &result);
+     talloc_zfree(req);
+     if (ret != EOK && ret != ENOENT) {
+-        DEBUG(SSSDBG_CRIT_FAILURE,
+-              "Fatal error, killing connection!\n");
+-        talloc_zfree(preq->cctx);
+-        return;
++        DEBUG(SSSDBG_OP_FAILURE, "Cache lookup failed, trying to get fresh "
++                                 "data from the backened.\n");
+     }
+ 
+     DEBUG(SSSDBG_TRACE_ALL, "PAM initgroups scheme [%s].\n",
+-- 
+2.21.3
+
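Review bot: In pam_check_user_search_next the new log message drops the value of `ret` and misspells "backend" as `backened`, so an operator reading the PAM responder log cannot tell which error was downgraded from fatal to recoverable. I would write it as `DEBUG(SSSDBG_OP_FAILURE, "Cache lookup failed [%d]: %s, trying to get fresh data from the backend.\n", ret, sss_strerror(ret));`. With the early `return` removed, execution now continues past this point with `ret` set to an error other than ENOENT. The rest of the function is outside the hunk, so confirm that `result` is only read when `ret == EOK`.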
diff --git a/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch b/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch
deleted file mode 100644
index 32bacee..0000000
--- a/SOURCES/0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch
+++ /dev/null
@@ -1,314 +0,0 @@
-From 849d495ea948e75ecb4ea469c9f8db4a740a2377 Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Fri, 7 Feb 2020 20:32:45 +0100
-Subject: [PATCH 27/27] ssh: add 'no_rules' and 'all_rules' to
- ssh_use_certificate_matching_rules
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-To make ssh_use_certificate_matching_rules option more flexible and
-predictable the keywords 'all_rules' and 'no_rules' are added.
-'no_rules' can be used to allow all certificates.
-
-If rules names are given but no matching rules can be found this is
-considered an error and no ssh keys will be derived from the
-certificates.
-
-Related to https://pagure.io/SSSD/sssd/issue/4121
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/man/sssd.conf.5.xml         |  16 +++--
- src/responder/ssh/ssh_cmd.c     |  33 ++++++---
- src/responder/ssh/ssh_private.h |   1 +
- src/responder/ssh/ssh_reply.c   |   8 +++
- src/tests/cmocka/test_ssh_srv.c | 122 +++++++++++++++++++++++++++++++-
- 5 files changed, 165 insertions(+), 15 deletions(-)
-
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index ef07c43d3..f71fbf4aa 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -1760,12 +1760,20 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2
-                             will be ignored.
-                         </para>
-                         <para>
--                            If a non-existing rule name is given all rules will
--                            be ignored and all available certificates will be
--                            used to derive ssh keys.
-+                            There are two special key words 'all_rules' and
-+                            'no_rules' which will enable all or no rules,
-+                            respectively. The latter means that no certificates
-+                            will be filtered out and ssh keys will be generated
-+                            from all valid certificates.
-                         </para>
-                         <para>
--                            Default: not set, all found rules are used
-+                            A non-existing rule name is considered an error.
-+                            If as a result no rule is selected all certificates
-+                            will be ignored.
-+                        </para>
-+                        <para>
-+                            Default: not set, equivalent to 'all_rules,
-+                            all found rules are used
-                         </para>
-                     </listitem>
-                 </varlistentry>
-diff --git a/src/responder/ssh/ssh_cmd.c b/src/responder/ssh/ssh_cmd.c
-index 09f9b73b6..d1e7c667b 100644
---- a/src/responder/ssh/ssh_cmd.c
-+++ b/src/responder/ssh/ssh_cmd.c
-@@ -157,10 +157,26 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
-     size_t c;
-     int ret;
-     bool rule_added;
-+    bool all_rules = false;
-+    bool no_rules = false;
-+
-+    ssh_ctx->cert_rules_error = false;
-+
-+    if (ssh_ctx->cert_rules == NULL || ssh_ctx->cert_rules[0] == NULL) {
-+        all_rules = true;
-+    } else if (ssh_ctx->cert_rules[0] != NULL
-+                    && ssh_ctx->cert_rules[1] == NULL) {
-+        if (strcmp(ssh_ctx->cert_rules[0], "all_rules") == 0) {
-+            all_rules = true;
-+        } else if (strcmp(ssh_ctx->cert_rules[0], "no_rules") == 0) {
-+            no_rules = true;
-+        }
-+    }
- 
-     if (!ssh_ctx->use_cert_keys
-             || ssh_ctx->certmap_last_read
--                    >= ssh_ctx->rctx->get_domains_last_call.tv_sec) {
-+                    >= ssh_ctx->rctx->get_domains_last_call.tv_sec
-+            || no_rules) {
-         DEBUG(SSSDBG_TRACE_ALL, "No certmap update needed.\n");
-         return EOK;
-     }
-@@ -180,9 +196,8 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
- 
-         for (c = 0; certmap_list[c] != NULL; c++) {
- 
--            if (ssh_ctx->cert_rules != NULL
--                        && !string_in_list(certmap_list[c]->name,
--                                           ssh_ctx->cert_rules, true)) {
-+            if (!all_rules && !string_in_list(certmap_list[c]->name,
-+                                              ssh_ctx->cert_rules, true)) {
-                 DEBUG(SSSDBG_TRACE_ALL, "Skipping matching rule [%s], it is "
-                       "not listed in the ssh_use_certificate_matching_rules "
-                       "option.\n", certmap_list[c]->name);
-@@ -212,11 +227,12 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
-     }
- 
-     if (!rule_added) {
--        DEBUG(SSSDBG_TRACE_ALL,
--              "No matching rule added, all certificates will be used.\n");
-+        DEBUG(SSSDBG_CONF_SETTINGS,
-+              "No matching rule added, please check "
-+              "ssh_use_certificate_matching_rules option values for typos .\n");
- 
--        sss_certmap_free_ctx(sss_certmap_ctx);
--        sss_certmap_ctx = NULL;
-+        ret = EINVAL;
-+        goto done;
-     }
- 
-     ret = EOK;
-@@ -228,6 +244,7 @@ done:
-         ssh_ctx->certmap_last_read = ssh_ctx->rctx->get_domains_last_call.tv_sec;
-     } else {
-         sss_certmap_free_ctx(sss_certmap_ctx);
-+        ssh_ctx->cert_rules_error = true;
-     }
- 
-     return ret;
-diff --git a/src/responder/ssh/ssh_private.h b/src/responder/ssh/ssh_private.h
-index 76a1aead3..028ccd616 100644
---- a/src/responder/ssh/ssh_private.h
-+++ b/src/responder/ssh/ssh_private.h
-@@ -40,6 +40,7 @@ struct ssh_ctx {
-     time_t certmap_last_read;
-     struct sss_certmap_ctx *sss_certmap_ctx;
-     char **cert_rules;
-+    bool cert_rules_error;
- };
- 
- struct sss_cmd_table *get_ssh_cmds(void);
-diff --git a/src/responder/ssh/ssh_reply.c b/src/responder/ssh/ssh_reply.c
-index 1200a3a36..97914266d 100644
---- a/src/responder/ssh/ssh_reply.c
-+++ b/src/responder/ssh/ssh_reply.c
-@@ -196,6 +196,14 @@ struct tevent_req *ssh_get_output_keys_send(TALLOC_CTX *mem_ctx,
-         goto done;
-     }
- 
-+    if (state->ssh_ctx->cert_rules_error) {
-+        DEBUG(SSSDBG_CONF_SETTINGS,
-+              "Skipping keys from certificates because there was an error "
-+              "while processing matching rules.\n");
-+        ret = EOK;
-+        goto done;
-+    }
-+
-     ret = confdb_get_string(cli_ctx->rctx->cdb, state,
-                             CONFDB_MONITOR_CONF_ENTRY,
-                             CONFDB_MONITOR_CERT_VERIFICATION, NULL,
-diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c
-index 45915f681..fc43663a7 100644
---- a/src/tests/cmocka/test_ssh_srv.c
-+++ b/src/tests/cmocka/test_ssh_srv.c
-@@ -712,6 +712,120 @@ void test_ssh_user_pubkey_cert_with_rule(void **state)
-     assert_int_equal(ret, EOK);
- }
- 
-+void test_ssh_user_pubkey_cert_with_all_rules(void **state)
-+{
-+    int ret;
-+    struct sysdb_attrs *attrs;
-+    /* Both rules are enabled, both certificates should be handled. */
-+    const char *rule_list[] = { "all_rules", NULL };
-+    struct certmap_info *certmap_list[] = { &rule_1, &rule_2, NULL};
-+
-+    attrs = sysdb_new_attrs(ssh_test_ctx);
-+    assert_non_null(attrs);
-+    ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY);
-+    assert_int_equal(ret, EOK);
-+    ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+                                      SSSD_TEST_CERT_0001);
-+    assert_int_equal(ret, EOK);
-+    ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+                                      SSSD_TEST_CERT_0002);
-+    assert_int_equal(ret, EOK);
-+
-+    ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom,
-+                              ssh_test_ctx->ssh_user_fqdn,
-+                              attrs,
-+                              LDB_FLAG_MOD_ADD);
-+    talloc_free(attrs);
-+    assert_int_equal(ret, EOK);
-+
-+    mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn);
-+    will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+
-+    /* Enable certificate support */
-+    ssh_test_ctx->ssh_ctx->use_cert_keys = true;
-+    ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = certmap_list;
-+    ssh_test_ctx->ssh_ctx->certmap_last_read = 0;
-+    ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1;
-+    ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list);
-+#ifdef HAVE_NSS
-+    ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR
-+                                                "/src/tests/test_CA/p11_nssdb");
-+#else
-+    ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR
-+                                                "/src/tests/test_CA/SSSD_test_CA.pem");
-+#endif
-+
-+    set_cmd_cb(test_ssh_user_pubkey_cert_check);
-+    ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS,
-+                          ssh_test_ctx->ssh_cmds);
-+    assert_int_equal(ret, EOK);
-+
-+    /* Wait until the test finishes with EOK */
-+    ret = test_ev_loop(ssh_test_ctx->tctx);
-+    assert_int_equal(ret, EOK);
-+}
-+
-+void test_ssh_user_pubkey_cert_with_no_rules(void **state)
-+{
-+    int ret;
-+    struct sysdb_attrs *attrs;
-+    /* No rules should be used, both certificates should be handled. */
-+    const char *rule_list[] = { "no_rules", NULL };
-+    struct certmap_info *certmap_list[] = { &rule_1, &rule_2, NULL};
-+
-+    attrs = sysdb_new_attrs(ssh_test_ctx);
-+    assert_non_null(attrs);
-+    ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY);
-+    assert_int_equal(ret, EOK);
-+    ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+                                      SSSD_TEST_CERT_0001);
-+    assert_int_equal(ret, EOK);
-+    ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+                                      SSSD_TEST_CERT_0002);
-+    assert_int_equal(ret, EOK);
-+
-+    ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom,
-+                              ssh_test_ctx->ssh_user_fqdn,
-+                              attrs,
-+                              LDB_FLAG_MOD_ADD);
-+    talloc_free(attrs);
-+    assert_int_equal(ret, EOK);
-+
-+    mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn);
-+    will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+
-+    /* Enable certificate support */
-+    ssh_test_ctx->ssh_ctx->use_cert_keys = true;
-+    ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = certmap_list;
-+    ssh_test_ctx->ssh_ctx->certmap_last_read = 0;
-+    ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1;
-+    ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list);
-+#ifdef HAVE_NSS
-+    ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR
-+                                                "/src/tests/test_CA/p11_nssdb");
-+#else
-+    ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR
-+                                                "/src/tests/test_CA/SSSD_test_CA.pem");
-+#endif
-+
-+    set_cmd_cb(test_ssh_user_pubkey_cert_check);
-+    ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS,
-+                          ssh_test_ctx->ssh_cmds);
-+    assert_int_equal(ret, EOK);
-+
-+    /* Wait until the test finishes with EOK */
-+    ret = test_ev_loop(ssh_test_ctx->tctx);
-+    assert_int_equal(ret, EOK);
-+}
-+
- void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state)
- {
-     int ret;
-@@ -743,8 +857,6 @@ void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state)
-     will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS);
-     will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-     will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
--    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
--    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
- 
-     /* Enable certificate support */
-     ssh_test_ctx->ssh_ctx->use_cert_keys = true;
-@@ -760,7 +872,7 @@ void test_ssh_user_pubkey_cert_with_unknow_rule_name(void **state)
-                                                 "/src/tests/test_CA/SSSD_test_CA.pem");
- #endif
- 
--    set_cmd_cb(test_ssh_user_pubkey_cert_check);
-+    set_cmd_cb(test_ssh_user_one_pubkey_check);
-     ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS,
-                           ssh_test_ctx->ssh_cmds);
-     assert_int_equal(ret, EOK);
-@@ -852,6 +964,10 @@ int main(int argc, const char *argv[])
-                                         ssh_test_setup, ssh_test_teardown),
-         cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_rule,
-                                         ssh_test_setup, ssh_test_teardown),
-+        cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules,
-+                                        ssh_test_setup, ssh_test_teardown),
-+        cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_no_rules,
-+                                        ssh_test_setup, ssh_test_teardown),
-         cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_unknow_rule_name,
-                                         ssh_test_setup, ssh_test_teardown),
-         cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_rule_1,
--- 
-2.20.1
-
diff --git a/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch b/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch
deleted file mode 100644
index 32b7d65..0000000
--- a/SOURCES/0028-Add-TCP-level-timeout-to-LDAP-services.patch
+++ /dev/null
@@ -1,50 +0,0 @@
-From 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac Mon Sep 17 00:00:00 2001
-From: Simo Sorce <simo@redhat.com>
-Date: Tue, 10 Sep 2019 14:33:37 +0000
-Subject: [PATCH] Add TCP level timeout to LDAP services
-
-In some cases the TCP connection may hang with data sent because
-of network conditions, this may cause the socket to stall for much
-longer than the timeout intended.
-Set a TCP option to forcibly timeout a socket that sees its data not
-ACKed within the ldap_network_timeout seconds.
-
-Signed-off-by: Simo Sorce <simo@redhat.com>
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/util/sss_sockets.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
-index 0e4d8df8a..b6b6dbac5 100644
---- a/src/util/sss_sockets.c
-+++ b/src/util/sss_sockets.c
-@@ -79,6 +79,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)
-     int dummy = 1;
-     int ret;
-     struct timeval tv;
-+    unsigned int milli;
- 
-     /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
-      * failures are ignored.*/
-@@ -117,6 +118,16 @@ static errno_t set_fd_common_opts(int fd, int timeout)
-                   "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
-                   strerror(ret));
-         }
-+
-+        milli = timeout * 1000; /* timeout in milliseconds */
-+        ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
-+                         sizeof(milli));
-+        if (ret != 0) {
-+            ret = errno;
-+            DEBUG(SSSDBG_FUNC_DATA,
-+                  "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
-+                  strerror(ret));
-+        }
-     }
- 
-     return EOK;
--- 
-2.21.1
-
diff --git a/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch b/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch
deleted file mode 100644
index 967a1c3..0000000
--- a/SOURCES/0029-sss_sockets-pass-pointer-instead-of-integer.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From 5b87af6f5b50c464ee7ea4558f73431e398e1423 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
-Date: Mon, 10 Feb 2020 11:52:35 +0100
-Subject: [PATCH] sss_sockets: pass pointer instead of integer
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-```
-/home/pbrezina/workspace/sssd/src/util/sss_sockets.c: In function ‘set_fd_common_opts’:
-/home/pbrezina/workspace/sssd/src/util/sss_sockets.c:123:61: error: passing argument 4 of ‘setsockopt’ makes pointer from integer without a cast [-Werror=int-conversion]
-  123 |         ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
-      |                                                             ^~~~~
-      |                                                             |
-      |                                                             unsigned int
-In file included from /home/pbrezina/workspace/sssd/src/util/sss_sockets.c:28:
-/usr/include/sys/socket.h:216:22: note: expected ‘const void *’ but argument is of type ‘unsigned int’
-  216 |          const void *__optval, socklen_t __optlen) __THROW;
-      |          ~~~~~~~~~~~~^~~~~~~~
-  CC       src/util/sssd_kcm-sss_iobuf.o
-cc1: all warnings being treated as errors
-```
-
-Introduced by 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac
-
-Reviewed-by: Sumit Bose <sbose@redhat.com>
----
- src/util/sss_sockets.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
-index b6b6dbac5..6f2b71bc8 100644
---- a/src/util/sss_sockets.c
-+++ b/src/util/sss_sockets.c
-@@ -120,7 +120,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)
-         }
- 
-         milli = timeout * 1000; /* timeout in milliseconds */
--        ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
-+        ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli,
-                          sizeof(milli));
-         if (ret != 0) {
-             ret = errno;
--- 
-2.21.1
-
diff --git a/SOURCES/0030-ssh-fix-matching-rules-default.patch b/SOURCES/0030-ssh-fix-matching-rules-default.patch
deleted file mode 100644
index ec3e047..0000000
--- a/SOURCES/0030-ssh-fix-matching-rules-default.patch
+++ /dev/null
@@ -1,235 +0,0 @@
-From 6f7f15691b071cefd4e04a9fee44af580b6c502b Mon Sep 17 00:00:00 2001
-From: Sumit Bose <sbose@redhat.com>
-Date: Mon, 9 Mar 2020 13:39:47 +0100
-Subject: [PATCH] ssh: fix matching rules default
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Before the ssh_use_certificate_matching_rules option was added the ssh
-responder returned ssh keys derived from all valid certificates. Since
-the default of the ssh_use_certificate_matching_rules option is
-'all_rules' in a case where no matching rules are defined all
-certificated will be filtered out and no ssh keys are returned.
-
-The intention of the default was to allow the same same certificates
-which are allowed in the PAM responder for authentication. The missing
-default matching rule which is currently use by the PAM responder if no
-other rules are available is added by this patch.
-
-There might still be a small regression in case certificates without the
-extended key usage (EKU) clientAuth were used for ssh. In this case
-'ssh_use_certificate_matching_rules = no_rules' or a suitable matching
-rule must be added to the configuration.
-
-Related to https://pagure.io/SSSD/sssd/issue/4121
-
-Reviewed-by: Tomáš Halman <thalman@redhat.com>
----
- src/man/sssd.conf.5.xml         |  9 ++++-
- src/responder/pam/pam_helpers.h |  2 ++
- src/responder/pam/pamsrv_p11.c  |  3 +-
- src/responder/ssh/ssh_cmd.c     | 30 +++++++++++++----
- src/tests/cmocka/test_ssh_srv.c | 58 +++++++++++++++++++++++++++++++++
- 5 files changed, 93 insertions(+), 9 deletions(-)
-
-diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
-index 58383579c..a2567f5ac 100644
---- a/src/man/sssd.conf.5.xml
-+++ b/src/man/sssd.conf.5.xml
-@@ -1766,6 +1766,13 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2
-                             will be filtered out and ssh keys will be generated
-                             from all valid certificates.
-                         </para>
-+                        <para>
-+                            If no rules are configured using 'all_rules' will
-+                            enable a default rule which enables all
-+                            certificates suitable for client authentication.
-+                            This is the same behavior as for the PAM responder
-+                            if certificate authentication is enabled.
-+                        </para>
-                         <para>
-                             A non-existing rule name is considered an error.
-                             If as a result no rule is selected all certificates
-@@ -1773,7 +1780,7 @@ p11_uri = library-description=OpenSC%20smartcard%20framework;slot-id=2
-                         </para>
-                         <para>
-                             Default: not set, equivalent to 'all_rules,
--                            all found rules are used
-+                            all found rules or the default rule are used
-                         </para>
-                     </listitem>
-                 </varlistentry>
-diff --git a/src/responder/pam/pam_helpers.h b/src/responder/pam/pam_helpers.h
-index 614389706..23fd308bb 100644
---- a/src/responder/pam/pam_helpers.h
-+++ b/src/responder/pam/pam_helpers.h
-@@ -25,6 +25,8 @@
- 
- #include "util/util.h"
- 
-+#define CERT_AUTH_DEFAULT_MATCHING_RULE "KRB5:<EKU>clientAuth"
-+
- errno_t pam_initgr_cache_set(struct tevent_context *ev,
-                              hash_table_t *id_table,
-                              char *name,
-diff --git a/src/responder/pam/pamsrv_p11.c b/src/responder/pam/pamsrv_p11.c
-index 0dc53a826..8e276b200 100644
---- a/src/responder/pam/pamsrv_p11.c
-+++ b/src/responder/pam/pamsrv_p11.c
-@@ -26,13 +26,12 @@
- #include "util/child_common.h"
- #include "util/strtonum.h"
- #include "responder/pam/pamsrv.h"
-+#include "responder/pam/pam_helpers.h"
- #include "lib/certmap/sss_certmap.h"
- #include "util/crypto/sss_crypto.h"
- #include "db/sysdb.h"
- 
- 
--#define CERT_AUTH_DEFAULT_MATCHING_RULE "KRB5:<EKU>clientAuth"
--
- struct cert_auth_info {
-     char *cert;
-     char *token_name;
-diff --git a/src/responder/ssh/ssh_cmd.c b/src/responder/ssh/ssh_cmd.c
-index e42e29bfd..a593c904f 100644
---- a/src/responder/ssh/ssh_cmd.c
-+++ b/src/responder/ssh/ssh_cmd.c
-@@ -29,6 +29,7 @@
- #include "responder/common/responder.h"
- #include "responder/common/cache_req/cache_req.h"
- #include "responder/ssh/ssh_private.h"
-+#include "responder/pam/pam_helpers.h"
- #include "lib/certmap/sss_certmap.h"
- 
- struct ssh_cmd_ctx {
-@@ -159,6 +160,7 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
-     bool rule_added;
-     bool all_rules = false;
-     bool no_rules = false;
-+    bool rules_present = false;
- 
-     ssh_ctx->cert_rules_error = false;
- 
-@@ -195,6 +197,7 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
-         }
- 
-         for (c = 0; certmap_list[c] != NULL; c++) {
-+            rules_present = true;
- 
-             if (!all_rules && !string_in_list(certmap_list[c]->name,
-                                               ssh_ctx->cert_rules, true)) {
-@@ -227,12 +230,27 @@ static errno_t ssh_cmd_refresh_certmap_ctx(struct ssh_ctx *ssh_ctx,
-     }
- 
-     if (!rule_added) {
--        DEBUG(SSSDBG_CONF_SETTINGS,
--              "No matching rule added, please check "
--              "ssh_use_certificate_matching_rules option values for typos .\n");
--
--        ret = EINVAL;
--        goto done;
-+        if (!rules_present) {
-+            DEBUG(SSSDBG_TRACE_FUNC,
-+                  "No rules available, trying to add default matching rule.\n");
-+            ret = sss_certmap_add_rule(sss_certmap_ctx, SSS_CERTMAP_MIN_PRIO,
-+                                       CERT_AUTH_DEFAULT_MATCHING_RULE,
-+                                       NULL, NULL);
-+            if (ret != 0) {
-+                DEBUG(SSSDBG_OP_FAILURE,
-+                      "Failed to add default matching rule [%d][%s].\n",
-+                      ret, sss_strerror(ret));
-+                goto done;
-+            }
-+        } else {
-+            DEBUG(SSSDBG_CONF_SETTINGS,
-+                  "No matching rule added, please check "
-+                  "ssh_use_certificate_matching_rules option values for "
-+                  "typos.\n");
-+
-+            ret = EINVAL;
-+            goto done;
-+        }
-     }
- 
-     ret = EOK;
-diff --git a/src/tests/cmocka/test_ssh_srv.c b/src/tests/cmocka/test_ssh_srv.c
-index fc43663a7..a48013416 100644
---- a/src/tests/cmocka/test_ssh_srv.c
-+++ b/src/tests/cmocka/test_ssh_srv.c
-@@ -769,6 +769,62 @@ void test_ssh_user_pubkey_cert_with_all_rules(void **state)
-     assert_int_equal(ret, EOK);
- }
- 
-+void test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present(void **state)
-+{
-+    int ret;
-+    struct sysdb_attrs *attrs;
-+    /* Both rules are enabled, both certificates should be handled. */
-+    const char *rule_list[] = { "all_rules", NULL };
-+
-+    attrs = sysdb_new_attrs(ssh_test_ctx);
-+    assert_non_null(attrs);
-+    ret = sysdb_attrs_add_string(attrs, SYSDB_SSH_PUBKEY, TEST_SSH_PUBKEY);
-+    assert_int_equal(ret, EOK);
-+    ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+                                      SSSD_TEST_CERT_0001);
-+    assert_int_equal(ret, EOK);
-+    ret = sysdb_attrs_add_base64_blob(attrs, SYSDB_USER_CERT,
-+                                      SSSD_TEST_CERT_0002);
-+    assert_int_equal(ret, EOK);
-+
-+    ret = sysdb_set_user_attr(ssh_test_ctx->tctx->dom,
-+                              ssh_test_ctx->ssh_user_fqdn,
-+                              attrs,
-+                              LDB_FLAG_MOD_ADD);
-+    talloc_free(attrs);
-+    assert_int_equal(ret, EOK);
-+
-+    mock_input_user(ssh_test_ctx, ssh_test_ctx->ssh_user_fqdn);
-+    will_return(__wrap_sss_packet_get_cmd, SSS_SSH_GET_USER_PUBKEYS);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+    will_return(__wrap_sss_packet_get_body, WRAP_CALL_REAL);
-+
-+    /* Enable certificate support */
-+    ssh_test_ctx->ssh_ctx->use_cert_keys = true;
-+    ssh_test_ctx->ssh_ctx->rctx->domains->certmaps = NULL;
-+    ssh_test_ctx->ssh_ctx->certmap_last_read = 0;
-+    ssh_test_ctx->ssh_ctx->rctx->get_domains_last_call.tv_sec = 1;
-+    ssh_test_ctx->ssh_ctx->cert_rules = discard_const(rule_list);
-+#ifdef HAVE_NSS
-+    ssh_test_ctx->ssh_ctx->ca_db = discard_const("sql:" ABS_BUILD_DIR
-+                                                "/src/tests/test_CA/p11_nssdb");
-+#else
-+    ssh_test_ctx->ssh_ctx->ca_db = discard_const(ABS_BUILD_DIR
-+                                                "/src/tests/test_CA/SSSD_test_CA.pem");
-+#endif
-+
-+    set_cmd_cb(test_ssh_user_pubkey_cert_check);
-+    ret = sss_cmd_execute(ssh_test_ctx->cctx, SSS_SSH_GET_USER_PUBKEYS,
-+                          ssh_test_ctx->ssh_cmds);
-+    assert_int_equal(ret, EOK);
-+
-+    /* Wait until the test finishes with EOK */
-+    ret = test_ev_loop(ssh_test_ctx->tctx);
-+    assert_int_equal(ret, EOK);
-+}
-+
- void test_ssh_user_pubkey_cert_with_no_rules(void **state)
- {
-     int ret;
-@@ -966,6 +1022,8 @@ int main(int argc, const char *argv[])
-                                         ssh_test_setup, ssh_test_teardown),
-         cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules,
-                                         ssh_test_setup, ssh_test_teardown),
-+        cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_all_rules_but_no_rules_present,
-+                                        ssh_test_setup, ssh_test_teardown),
-         cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_no_rules,
-                                         ssh_test_setup, ssh_test_teardown),
-         cmocka_unit_test_setup_teardown(test_ssh_user_pubkey_cert_with_unknow_rule_name,
--- 
-2.21.1
-
diff --git a/SPECS/sssd.spec b/SPECS/sssd.spec
index 52bd737..9ce35d0 100644
--- a/SPECS/sssd.spec
+++ b/SPECS/sssd.spec
@@ -8,12 +8,14 @@
 
 %global install_pcscd_polkit_rule 1
 
+%global samba_package_version %(rpm -q samba-devel --queryformat %{version}-%{release})
+
 # Determine the location of the LDB modules directory
 %global ldb_modulesdir %(pkg-config --variable=modulesdir ldb)
 %global ldb_version 1.2.0
 
 %global enable_systemtap 1
-    %global enable_systemtap_opt --enable-systemtap
+%global enable_systemtap_opt --enable-systemtap
 
 %global libwbc_alternatives_version 0.14
 %global libwbc_lib_version %{libwbc_alternatives_version}.0
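Review bot: `samba_package_version` is computed by running `rpm -q samba-devel` when the spec is parsed, and its output goes unchecked into the `Requires: samba-client-libs >= %{samba_package_version}` lines added to the IPA and AD back-end subpackages further down. If samba-devel is not installed at parse time (for example when only the source package is generated), rpm -q presumably prints its "not installed" message instead of a version, and that text would end up in the dependency. The query format also depends on `%{version}` and `%{release}` still being undefined at this point in the spec so that they reach rpm literally; escaping them removes the ordering dependency: `%global samba_package_version %(rpm -q samba-devel --queryformat '%%{version}-%%{release}')`. A one-line comment stating that the runtime dependency is pinned to the samba build the package was compiled against would help whoever rebuilds it.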
@@ -23,8 +25,8 @@
 %endif
 
 Name: sssd
-Version: 2.2.3
-Release: 20%{?dist}
+Version: 2.3.0
+Release: 4%{?dist}
 Group: Applications/System
 Summary: System Security Services Daemon
 License: GPLv3+
@@ -32,36 +34,33 @@ URL: https://pagure.io/SSSD/sssd/
 Source0: https://releases.pagure.org/SSSD/sssd/%{name}-%{version}.tar.gz
 
 ### Patches ###
-Patch0001: 0001-INI-sssctl-config-check-command-error-messages.patch
-Patch0002: 0002-certmap-mention-special-regex-characters-in-man-page.patch
-Patch0003: 0003-ldap_child-do-not-try-PKINIT.patch
-Patch0004: 0004-util-watchdog-fixed-watchdog-implementation.patch
-Patch0005: 0005-providers-krb5-got-rid-of-unused-code.patch
-Patch0006: 0006-data_provider_be-got-rid-of-duplicating-SIGTERM-hand.patch
-Patch0007: 0007-util-server-improved-debug-at-shutdown.patch
-Patch0008: 0008-util-sss_ptr_hash-fixed-double-free-in-sss_ptr_hash_.patch
-Patch0009: 0009-sdap-Add-randomness-to-ldap-connection-timeout.patch
-Patch0010: 0010-ad-allow-booleans-for-ad_inherit_opts_if_needed.patch
-Patch0011: 0011-ad-add-ad_use_ldaps.patch
-Patch0012: 0012-ldap-add-new-option-ldap_sasl_maxssf.patch
-Patch0013: 0013-ad-set-min-and-max-ssf-for-ldaps.patch
-Patch0014: 0014-BE_REFRESH-Do-not-try-to-refresh-domains-from-other-.patch
-Patch0015: 0015-sysdb_sudo-Enable-LDAP-time-format-compatibility.patch
-Patch0016: 0016-zanata-Pulled-new-translations.patch
-Patch0017: 0017-sbus_server-stylistic-rename.patch
-Patch0018: 0018-sss_ptr_hash-don-t-keep-empty-sss_ptr_hash_delete_da.patch
-Patch0019: 0019-sss_ptr_hash-sss_ptr_hash_delete-fix-optimization.patch
-Patch0020: 0020-sss_ptr_hash-removed-redundant-check.patch
-Patch0021: 0021-sss_ptr_hash-fixed-memory-leak.patch
-Patch0022: 0022-sss_ptr_hash-internal-refactoring.patch
-Patch0023: 0023-TESTS-added-sss_ptr_hash-unit-test.patch
-Patch0024: 0024-p11_child-check-if-card-is-present-in-wait_for_card.patch
-Patch0025: 0025-PAM-client-only-require-UID-0-for-private-socket.patch
-Patch0026: 0026-ssh-do-not-mix-different-certificate-lists.patch
-Patch0027: 0027-ssh-add-no_rules-and-all_rules-to-ssh_use_certificat.patch
-Patch0028: 0028-Add-TCP-level-timeout-to-LDAP-services.patch
-Patch0029: 0029-sss_sockets-pass-pointer-instead-of-integer.patch
-Patch0030: 0030-ssh-fix-matching-rules-default.patch
+Patch0001: 0001-ad_gpo_ndr.c-more-ndr-updates.patch
+Patch0002: 0002-test-avoid-endian-issues-in-network-tests.patch
+Patch0003: 0003-sssctl-sssctl-config-check-alternative-config-file.patch
+Patch0004: 0004-DEBUG-only-open-child-process-log-files-when-require.patch
+Patch0005: 0005-DEBUG-use-new-exec_child-_ex-interface-in-tests.patch
+Patch0006: 0006-NEGCACHE-skip-permanent-entries-in-users-groups-rese.patch
+Patch0007: 0007-util-inotify-fixed-CLANG_WARNING.patch
+Patch0008: 0008-util-inotify-fixed-bug-in-inotify-event-processing.patch
+Patch0009: 0009-Replaced-enter-with-insert.patch
+Patch0010: 0010-NSS-client-preserve-errno-during-_nss_sss_end-calls.patch
+Patch0011: 0011-ipa-add-failover-to-subdomain-override-lookups.patch
+Patch0012: 0012-GPO-fix-link-order-in-a-SOM.patch
+Patch0013: 0013-sysdb-make-sysdb_update_subdomains-more-robust.patch
+Patch0014: 0014-ad-rename-ad_master_domain_-to-ad_domain_info_.patch
+Patch0015: 0015-sysdb-make-new_subdomain-public.patch
+Patch0016: 0016-ad-rename-ads_get_root_id_ctx-to-ads_get_dom_id_ctx.patch
+Patch0017: 0017-ad-remove-unused-trust_type-from-ad_subdom_store.patch
+Patch0018: 0018-ad-add-ad_check_domain_-send-recv.patch
+Patch0019: 0019-ad-check-forest-root-directly-if-not-present-on-loca.patch
+Patch0020: 0020-man-Document-invalid-selinux-context-for-homedirs.patch
+Patch0021: 0021-pam_sss-add-SERVICE_IS_GDM_SMARTCARD.patch
+Patch0022: 0022-pam_sss-special-handling-for-gdm-smartcard.patch
+Patch0023: 0023-pam_sss-make-sure-old-certificate-data-is-removed-be.patch
+Patch0024: 0024-systemtap-Missing-a-comma.patch
+Patch0025: 0025-proxy-use-x-as-default-pwfield-only-for-sssd-shadowu.patch
+Patch0026: 0026-files-allow-root-membership.patch
+Patch0027: 0027-PAM-do-not-treat-error-for-cache-only-lookups-as-fat.patch
 
 ### Downstream Patches ###
 
@@ -146,7 +145,7 @@ BuildRequires: systemd-devel
 BuildRequires: systemd
 BuildRequires: cifs-utils-devel
 BuildRequires: libnfsidmap-devel
-BuildRequires: samba4-devel
+BuildRequires: samba-devel
 BuildRequires: libsmbclient-devel
 BuildRequires: samba-winbind
 BuildRequires: systemtap-sdt-devel
@@ -337,6 +336,7 @@ Summary: The IPA back end of the SSSD
 Group: Applications/System
 License: GPLv3+
 Conflicts: sssd < 1.10.0-8.beta2
+Requires: samba-client-libs >= %{samba_package_version}
 Requires: sssd-common = %{version}-%{release}
 Requires: sssd-krb5-common = %{version}-%{release}
 Requires: libipa_hbac%{?_isa} = %{version}-%{release}
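Review bot: The added `Requires: samba-client-libs >= %{samba_package_version}` relies on a macro defined outside this hunk; if it is undefined or expands to nothing at build time, the package ships a dependency with the literal macro text or no usable version bound, so the definition should be checked with this line. Unlike the neighbouring `libipa_hbac%{?_isa}` dependency, the new one has no `%{?_isa}`, so on a multilib system a samba-client-libs of the other architecture could satisfy it. `Requires: samba-client-libs%{?_isa} >= %{samba_package_version}` would pin the matching build. A short comment above the line saying why the lower bound exists would help (the changelog entry for rhbz#1834156 appears to be the reason). The same applies to the identical line added in the AD back end section at -353.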
@@ -353,6 +353,7 @@ Summary: The AD back end of the SSSD
 Group: Applications/System
 License: GPLv3+
 Conflicts: sssd < 1.10.0-8.beta2
+Requires: samba-client-libs >= %{samba_package_version}
 Requires: sssd-common = %{version}-%{release}
 Requires: sssd-krb5-common = %{version}-%{release}
 Requires: sssd-common-pac = %{version}-%{release}
@@ -848,8 +849,6 @@ done
 %{_libdir}/%{name}/conf/sssd.conf
 
 %{_datadir}/sssd/cfg_rules.ini
-%{_datadir}/sssd/sssd.api.conf
-%{_datadir}/sssd/sssd.api.d
 %{_mandir}/man1/sss_ssh_authorizedkeys.1*
 %{_mandir}/man1/sss_ssh_knownhostsproxy.1*
 %{_mandir}/man5/sssd.conf.5*
@@ -991,6 +990,9 @@ done
 %{python3_sitelib}/SSSDConfig/*.py*
 %dir %{python3_sitelib}/SSSDConfig/__pycache__
 %{python3_sitelib}/SSSDConfig/__pycache__/*.py*
+%dir %{_datadir}/sssd
+%{_datadir}/sssd/sssd.api.conf
+%{_datadir}/sssd/sssd.api.d
 
 %files -n python3-sss
 %defattr(-,root,root,-)
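Review bot: Moving `sssd.api.conf` and `sssd.api.d` into this `%files` list means the old and new owners of these paths must be updated in the same transaction, and nothing visible here shows a versioned dependency between the two packages that enforces that. Without one, a partial update can hit a file conflict or leave the SSSDConfig schema files at a different version from the daemon. The hunk at -848 also leaves `cfg_rules.ini` in `%{_datadir}/sssd` in the other package, so it is worth confirming that package still owns the directory, or depends on this one, now that `%dir %{_datadir}/sssd` is added here. A comment such as `# sssd.api.* moved here in 2.3.0-3, rhbz#1829470` above the three added lines would record why they sit in a Python subpackage.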
@@ -1220,6 +1222,38 @@ fi
                                 %{_libdir}/%{name}/modules/libwbclient.so
 
 %changelog
+* Thu Jul 02 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-4
+- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication
+- Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider
+- Resolves: rhbz#1803134 - Improve "unlock" time when user session already active
+
+* Fri Jun 26 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-3
+- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package
+- Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP
+- Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache
+- Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for
+                           inotify events, and no updates are triggered
+- Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card"
+                           on GDM login with smart-card
+- Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat
+- Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network.
+- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management
+- Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest
+                           if LDAP entries do not contain AD forest root information
+- Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories
+                           in SSSD-AD direct integration.
+- Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card
+- Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False
+- Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma
+
+* Thu Jun 11 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-2
+- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.
+
+* Mon Jun 08 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.3.0-1
+- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3
+- Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure
+- Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working
+
 * Mon Mar 16 2020 Alexey Tikhonov <atikhono@redhat.com> - 2.2.3-19
 - Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard
                            certificate EKU and perform an action based