a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# SOME DESCRIPTIVE TITLE
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# Copyright (C) YEAR Red Hat
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# This file is distributed under the same license as the sssd-docs package.
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik# Translators:
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# Chris Leick <c.leick@vollbio.de>, 2013
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik# Fabian Affolter <fab@fedoraproject.org>, 2011
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek# Mario Blättermann <mario.blaettermann@gmail.com>, 2014
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Project-Id-Version: sssd-docs 1.15.3\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Report-Msgid-Bugs-To: sssd-devel@redhat.com\n"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"POT-Creation-Date: 2018-03-09 12:30+0100\n"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"PO-Revision-Date: 2014-12-14 11:53-0500\n"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"Last-Translator: Copied by Zanata <copied-by-zanata@zanata.org>\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Language-Team: German (http://www.transifex.com/projects/p/sssd/language/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Language: de\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"MIME-Version: 1.0\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Content-Type: text/plain; charset=UTF-8\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Content-Transfer-Encoding: 8bit\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Plural-Forms: nplurals=2; plural=(n != 1);\n"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"X-Generator: Zanata 3.9.6\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_groupmod.8.xml:5 sssd.conf.5.xml:5 sssd-ldap.5.xml:5 pam_sss.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd_krb5_locator_plugin.8.xml:5 sssd-simple.5.xml:5 sss-certmap.5.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-ipa.5.xml:5 sssd-ad.5.xml:5 sssd-sudo.5.xml:5 sssd.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_obfuscate.8.xml:5 sss_override.8.xml:5 sss_useradd.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-krb5.5.xml:5 sss_groupadd.8.xml:5 sss_userdel.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_groupdel.8.xml:5 sss_groupshow.8.xml:5 sss_usermod.8.xml:5
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_cache.8.xml:5 sss_debuglevel.8.xml:5 sss_seed.8.xml:5 sssd-ifp.5.xml:5
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sss_rpcidmapd.5.xml:5 sss_ssh_authorizedkeys.1.xml:5
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#: sss_ssh_knownhostsproxy.1.xml:5 idmap_sss.8.xml:5 sssctl.8.xml:5
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:5 sssd-secrets.5.xml:5 sssd-session-recording.5.xml:5
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SSSD Manual pages"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "SSSD-Handbuchseiten"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_groupmod.8.xml:10 sss_groupmod.8.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_groupmod"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_groupmod"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refmeta><manvolnum>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#: sss_groupmod.8.xml:11 pam_sss.8.xml:12 sssd_krb5_locator_plugin.8.xml:11
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sssd.8.xml:11 sss_obfuscate.8.xml:11 sss_override.8.xml:11
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sss_useradd.8.xml:11 sss_groupadd.8.xml:11 sss_userdel.8.xml:11
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sss_groupdel.8.xml:11 sss_groupshow.8.xml:11 sss_usermod.8.xml:11
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#: sss_cache.8.xml:11 sss_debuglevel.8.xml:11 sss_seed.8.xml:11
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: idmap_sss.8.xml:11 sssctl.8.xml:11 sssd-kcm.8.xml:11
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "modify a group"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Ändern einer Gruppe"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupmod</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#: sss_groupmod.8.xml:30 sssd-ldap.5.xml:21 pam_sss.8.xml:57
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd_krb5_locator_plugin.8.xml:20 sssd-simple.5.xml:22 sss-certmap.5.xml:21
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-ipa.5.xml:21 sssd-ad.5.xml:21 sssd-sudo.5.xml:21 sssd.8.xml:29
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_obfuscate.8.xml:30 sss_override.8.xml:30 sss_useradd.8.xml:30
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-krb5.5.xml:21 sss_groupadd.8.xml:30 sss_userdel.8.xml:30
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_groupdel.8.xml:30 sss_groupshow.8.xml:30 sss_usermod.8.xml:30
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_cache.8.xml:29 sss_debuglevel.8.xml:30 sss_seed.8.xml:31
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-ifp.5.xml:21 sss_ssh_authorizedkeys.1.xml:30
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss_ssh_knownhostsproxy.1.xml:31 idmap_sss.8.xml:20 sssctl.8.xml:30
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:21 sssd-secrets.5.xml:21 sssd-session-recording.5.xml:21
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "DESCRIPTION"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "BESCHREIBUNG"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupmod</command> modifies the group to reflect the changes "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"that are specified on the command line."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupmod</command> ändert die Gruppe, um die auf der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Befehlszeile angegebenen Änderungen widerzuspiegeln."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#: sss_groupmod.8.xml:39 pam_sss.8.xml:64 sssd.8.xml:42 sss_obfuscate.8.xml:58
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_useradd.8.xml:39 sss_groupadd.8.xml:39 sss_userdel.8.xml:39
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_groupdel.8.xml:39 sss_groupshow.8.xml:39 sss_usermod.8.xml:39
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sss_cache.8.xml:39 sss_seed.8.xml:42 sss_ssh_authorizedkeys.1.xml:66
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "OPTIONS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "OPTIONEN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_groupmod.8.xml:43 sss_usermod.8.xml:77
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-a</option>,<option>--append-group</option> <replaceable>GROUPS</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-a</option>,<option>--append-group</option> <replaceable>GRUPPEN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Append this group to groups specified by the <replaceable>GROUPS</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"a comma separated list of group names."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"hängt diese Gruppe an die Gruppen an, die durch den Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>GRUPPEN</replaceable> angegeben wurden. Der Parameter "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"von Gruppennamen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_groupmod.8.xml:57 sss_usermod.8.xml:91
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-r</option>,<option>--remove-group</option> <replaceable>GROUPS</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-r</option>,<option>--remove-group</option> <replaceable>GRUPPEN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Remove this group from groups specified by the <replaceable>GROUPS</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> parameter."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"entfernt diese Gruppe von den Gruppen, die durch den Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>GRUPPEN</replaceable> angegeben wurden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refmeta><manvolnum>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd.conf.5.xml:11 sssd-ldap.5.xml:11 sssd-simple.5.xml:11
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss-certmap.5.xml:11 sssd-ipa.5.xml:11 sssd-ad.5.xml:11 sssd-sudo.5.xml:11
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-krb5.5.xml:11 sssd-ifp.5.xml:11 sss_rpcidmapd.5.xml:27
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:11 sssd-secrets.5.xml:11 sssd-session-recording.5.xml:11
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refmeta><refmiscinfo>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd.conf.5.xml:12 sssd-ldap.5.xml:12 sssd-simple.5.xml:12
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sss-certmap.5.xml:12 sssd-ipa.5.xml:12 sssd-ad.5.xml:12 sssd-sudo.5.xml:12
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#: sssd-krb5.5.xml:12 sssd-ifp.5.xml:12 sss_rpcidmapd.5.xml:28
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:12 sssd-secrets.5.xml:12 sssd-session-recording.5.xml:12
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "File Formats and Conventions"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Dateiformate und Konventionen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "the configuration file for SSSD"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "die Konfigurationsdatei für SSSD"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "FILE FORMAT"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "DATEIFORMAT"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<replaceable>[section]</replaceable>\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The file has an ini-style syntax and consists of sections and parameters. A "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"section begins with the name of the section in square brackets and continues "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"until the next section begins. An example of section with single and multi-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Datei hat eine Syntax im Ini-Stil. Sie besteht aus Abschnitten und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Parametern. Ein Abschnitt beginnt mit dem Namen des Abschnitts in eckigen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Klammern und dauert bis zum Anfang des nächsten Abschnitts. Ein Beispiel "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eines Abschnitts mit Parametern, die einzelne und mehrere Werte haben: "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The data types used are string (no quotes needed), integer and bool (with "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"values of <quote>TRUE/FALSE</quote>)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die benutzten Datentypen sind Zeichenkette (keine Anführungszeichen nötig), "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ganzzahl und Boolesch (mit den Werten »TRUE« und »FALSE«)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(<quote>;</quote>). Inline comments are not supported."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Eine Kommentarzeile beginnt mit einem Rautenzeichen (»#«) oder einem "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Strichpunkt (»;«). Kommentare innerhalb von Zeilen werden nicht unterstützt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"All sections can have an optional <replaceable>description</replaceable> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"parameter. Its function is only as a label for the section."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Alle Abschnitte können einen optionalen Parameter <replaceable>Beschreibung</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> haben. Er dient nur als Beschriftung eines Abschnitts."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<filename>sssd.conf</filename> must be a regular file, owned by root and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"only root may read from or write to the file."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<filename>sssd.conf</filename> muss eine normale Datei sein, die Root gehört "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und die nur von Root gelesen oder geschrieben werden darf."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"The configuration file <filename>sssd.conf</filename> will include "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"configuration snippets using the include directory <filename>conf.d</"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"filename>. This feature is available if SSSD was compiled with libini "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"version 1.3.0 or later."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"Any file placed in <filename>conf.d</filename> that ends in "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"<quote><filename>.conf</filename></quote> and does not begin with a dot "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"(<quote>.</quote>) will be used together with <filename>sssd.conf</filename> "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"to configure SSSD."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"The configuration snippets from <filename>conf.d</filename> have higher "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"priority than <filename>sssd.conf</filename> and will override "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"<filename>sssd.conf</filename> when conflicts occur. If several snippets are "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"present in <filename>conf.d</filename>, then they are included in "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"alphabetical order (based on locale). Files included later have higher "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"priority. Numerical prefixes (<filename>01_snippet.conf</filename>, "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"<filename>02_snippet.conf</filename> etc.) can help visualize the priority "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"(higher number means higher priority)."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"The snippet files require the same owner and permissions as <filename>sssd."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"conf</filename>. Which are by default root:root and 0600."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "GENERAL OPTIONS"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ALLGEMEINE OPTIONEN"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Following options are usable in more than one configuration sections."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die folgenden Optionen sind in mehreren Konfigurationsabschnitten verfügbar."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Options usable in all sections"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "In allen Abschnitten verfügbare Optionen"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "debug_level (integer)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "debug_level (Ganzzahl)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "debug (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"are specified, the value of <replaceable>debug_level</replaceable> will be "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "debug_timestamps (bool)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "debug_timestamps (Boolesch)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Add a timestamp to the debug messages. If journald is enabled for SSSD "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"debug logging this option is ignored."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd.conf.5.xml:133 sssd.conf.5.xml:543 sssd.conf.5.xml:837
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1474 sssd-ldap.5.xml:1840 sssd-ldap.5.xml:1937
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1999 sssd-ldap.5.xml:2565 sssd-ldap.5.xml:2630
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2648 sssd-ad.5.xml:224 sssd-ad.5.xml:338 sssd-ad.5.xml:882
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-krb5.5.xml:499 sssd-secrets.5.xml:351 sssd-secrets.5.xml:364
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: true"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "Voreinstellung: »true«"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "debug_microseconds (bool)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "debug_microseconds (Boolesch)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Add microseconds to the timestamp in debug messages. If journald is enabled "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"for SSSD debug logging this option is ignored."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd.conf.5.xml:146 sssd.conf.5.xml:540 sssd.conf.5.xml:721
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1407 sssd.conf.5.xml:2925 sssd-ldap.5.xml:708
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1714 sssd-ldap.5.xml:1733 sssd-ldap.5.xml:1909
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2335 sssd-ipa.5.xml:151 sssd-ipa.5.xml:238
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ipa.5.xml:559 sssd-krb5.5.xml:266 sssd-krb5.5.xml:300
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: false"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "Voreinstellung: »false«"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:106 sssd.conf.5.xml:157 sssd-ldap.5.xml:2373
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:82 sssd-systemtap.5.xml:143 sssd-systemtap.5.xml:210
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:248 sssd-systemtap.5.xml:304
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "<placeholder type=\"variablelist\" id=\"0\"/>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Options usable in SERVICE and DOMAIN sections"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "In den Abschnitten SERVICE und DOMAIN verwendbare Optionen"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "timeout (integer)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "timeout (Ganzzahl)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Timeout in seconds between heartbeats for this service. This is used to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ensure that the process is alive and capable of answering requests. Note "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"that after three missed heartbeats the process will terminate itself."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:169 sssd.conf.5.xml:1359 sssd.conf.5.xml:2941
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1585 include/ldap_id_mapping.xml:264
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: 10"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "Voreinstellung: 10"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SPECIAL SECTIONS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "BESONDERE ABSCHNITTE"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The [sssd] section"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Der Abschnitt [sssd]"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Section parameters"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Abschnittsparameter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "config_file_version (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "config_file_version (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Syntax der Konfigurationsdatei an. SSSD 0.6.0 und neuer benutzen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "services"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Dienste"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Comma separated list of services that are started when sssd itself starts. "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<phrase condition=\"have_systemd\"> The services' list is optional on "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"platforms where systemd is supported, as they will either be socket or D-Bus "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"activated when needed. </phrase>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Unterstützte Dienste sind: nss, pam <phrase condition=\"with_sudo\">, sudo</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"phrase> <phrase condition=\"with_autofs\">, autofs</phrase> <phrase "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"condition=\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"\">, pac</phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<phrase condition=\"have_systemd\"> By default, all services are disabled "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"and the administrator must enable the ones allowed to be used by executing: "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"\"systemctl enable sssd-@service@.socket\". </phrase>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "reconnection_retries (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "reconnection_retries (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Number of times services should attempt to reconnect in the event of a Data "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Provider crash or restart before they give up"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anzahl der Versuche, die ein Dienst unternehmen sollte, um sich erneut zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verbinden, bevor er aufgibt, falls ein Datenanbieter abgestürzt ist oder neu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 3"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 3"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "domains"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "Domains"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"A domain is a database containing user information. SSSD can use more "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domains at the same time, but at least one must be configured or SSSD won't "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"start. This parameter describes the list of domains in the order you want "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"them to be queried. A domain name should only consist of alphanumeric ASCII "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"characters, dashes, dots and underscores."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "re_expression (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "re_expression (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default regular expression that describes how to parse the string containing "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"user name and domain into these components."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"voreingestellter regulärer Ausdruck, der beschreibt, in welche Bestandteile "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Zeichenkette mit Benutzernamen und Domain bei der Auswertung zerlegt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden sollen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Each domain can have an individual regular expression configured. For some "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ID providers there are also default regular expressions. See DOMAIN SECTIONS "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"for more info on these regular expressions."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "full_name_format (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "full_name_format (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>-compatible format that describes how to compose a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"fully qualified name from user name and domain name components."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ein mit <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> kompatibles Format, das beschreibt, wie ein voll "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"qualifizierter Name aus den Bestandteilen Benutzername und Domain-Name "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zusammengestellt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "user name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Benutzername"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "domain name as specified in the SSSD config file."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Domain-Name, wie er durch die SSSD-Konfigurationsdatei angegeben wird"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domain flat name. Mostly usable for Active Directory domains, both directly "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"configured or discovered via IPA trusts."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"flacher Name der Domain; meist für Active-Directory-Domains nützlich, sowohl "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"direkt konfiguriert als auch über IPA-Trust"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The following expansions are supported: <placeholder type=\"variablelist\" "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die folgenden Erweiterungen werden unterstützt: <placeholder type="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Each domain can have an individual format string configured. see DOMAIN "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SECTIONS for more info on this option."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Für jede Domain kann eine individuelle Formatzeichenkette konfiguriert "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden. Weitere Informationen über diese Option finden Sie unter DOMAIN-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "try_inotify (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "try_inotify (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD monitors the state of resolv.conf to identify when it needs to update "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"its internal DNS resolver. By default, we will attempt to use inotify for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"this, and will fall back to polling resolv.conf every five seconds if "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"inotify cannot be used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD überwacht den Status der »resolv.conf«, um festzustellen, wann es "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"seinen internen DNS-Resolver aktualisieren muss. Standardmäßig werden wir "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"versuchen, dafür Inotify zu benutzen. Falls Inotify nicht benutzt werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kann, werden wir darauf zurückgreifen, alle fünf Sekunden »resolv.conf« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"There are some limited situations where it is preferred that we should skip "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"even trying to use inotify. In these rare cases, this option should be set "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Es gibt ein paar begrenzte Situationen, in denen wir den Versuch, Inotify zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzen, vorzugsweise überspringen sollten. In diesen seltenen Fällen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sollte diese Option auf »false« gesetzt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: true on platforms where inotify is supported. False on other "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: »true« auf Plattformen, auf denen Inotify unterstützt wird, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»false« auf anderen Plattformen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Note: this option will have no effect on platforms where inotify is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unavailable. On these platforms, polling will always be used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Hinweis: Diese Option wird auf Plattformen, auf denen Inotify nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verfügbar ist, keine Auswirkungen haben."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_rcache_dir (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_rcache_dir (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Directory on the filesystem where SSSD should store Kerberos replay cache "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Verzeichnis auf dem Dateisystem, auf dem SSSD Dateien des Kerberos-Replay-"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Zwischenspeichers speichern sollte."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD to let libkrb5 decide the appropriate location for the replay cache."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option akzeptiert einen besonderen Wert, __LIBKRB5_DEFAULTS__, der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD anweisen wird, Libkrb5 die Entscheidung zu überlassen, wo der geeignete "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ort für den Replay-Zwischenspeicher ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: Distribution-specific and specified at build-time. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(__LIBKRB5_DEFAULTS__ if not configured)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: ahängig von der Distribution und zur Bauzeit angegeben "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(__LIBKRB5_DEFAULTS__, falls nicht konfiguriert)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "user (string)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"The user to drop the privileges to where appropriate to avoid running as the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"root user. <phrase condition=\"have_systemd\"> This option does not work "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"when running socket-activated services, as the user set up to run the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"processes is set up during compilation time. The way to override the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"systemd unit files is by creating the appropriate files in /etc/systemd/"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"system/. Keep in mind that any change in the socket user, group or "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"permissions may result in a non-usable SSSD. The same may occur in case of "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"changes of the user running the NSS responder. </phrase>"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "Default: not set, process will run as root"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "default_domain_suffix (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "default_domain_suffix (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This string will be used as a default domain name for all names without a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domain name component. The main use case is environments where the primary "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domain is intended for managing host policies and all users are located in a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"trusted domain. The option allows those users to log in just with their "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"user name without giving a domain name as well."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Zeichenkette wird als Standard-Domain-Name für alle Namen ohne einen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Domain-Namensbestandteil benutzt. Hauptsächlich wird dies in Umgebungen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt, in denen die primäre Domain zur Verwaltung von Rechnerrichtlinien "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gedacht ist und sich alle Anwender in einer vertrauenswürdigen Domain "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"befinden. Die Option ermöglicht diesen Anwendern die Anmeldung allein mit "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ihrem Benutzernamen ohne auch eine Domain anzugeben."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that if this option is set all users from the primary domain "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"have to use their fully qualified name, e.g. user@domain.name, to log in. "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Setting this option changes default of use_fully_qualified_names to True. It "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"is not allowed to use this option together with use_fully_qualified_names "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"set to False."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:418 sssd.conf.5.xml:1163 sssd-ldap.5.xml:679
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1319 sssd-ldap.5.xml:1673 sssd-ldap.5.xml:1685
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1767 sssd-ad.5.xml:687 sssd-ad.5.xml:762 sssd.8.xml:126
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-krb5.5.xml:410 sssd-krb5.5.xml:556 sssd-secrets.5.xml:339
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-secrets.5.xml:377 sssd-secrets.5.xml:390 sssd-secrets.5.xml:404
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-secrets.5.xml:415 include/ldap_id_mapping.xml:205
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: not set"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nicht gesetzt"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "override_space (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"This parameter will replace spaces (space bar) with the given character for "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"user and group names. e.g. (_). User name "john doe" will be "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek""john_doe" This feature was added to help compatibility with shell "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"scripts that have difficulty handling spaces, due to the default field "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"separator in the shell."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Please note it is a configuration error to use a replacement character that "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"might be used in user or group names. If a name contains the replacement "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"character SSSD tries to return the unmodified name but in general the result "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"of a lookup is undefined."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: not set (spaces will not be replaced)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "certificate_verification (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "no_ocsp"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"needed if the OCSP servers defined in the certificate are not reachable from "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"the client."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "no_verification"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Disables verification completely. This option should only be used for "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ocsp_default_responder=URL"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Sets the OCSP default responder which should be used instead of the one "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"default responder e.g. http://example.com:80/ocsp."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"This option must be used together with ocsp_default_responder_signing_cert."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ocsp_default_responder_signing_cert=NAME"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The nickname of the cert to trust (expected) to sign the OCSP responses. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The certificate with the given nickname must be available in the systems NSS "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "This option must be used together with ocsp_default_responder."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"With this parameter the certificate verification can be tuned with a comma "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"separated list of options. Supported options are: <placeholder type="
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"\"variablelist\" id=\"0\"/>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Unknown options are reported but ignored."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "Default: not set, i.e. do not restrict certificate verification"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "disable_netlink (boolean)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"SSSD hooks into the netlink interface to monitor changes to routes, "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"addresses, links and trigger certain actions."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The SSSD state changes caused by netlink events may be undesirable and can "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"be disabled by setting this option to 'true'"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: false (netlink changes are detected)"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "enable_files_domain (boolean)"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"When this option is enabled, SSSD prepends an implicit domain with "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<quote>id_provider=files</quote> before any explicitly configured domains."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "domain_resolution_order"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Comma separated list of domains and subdomains representing the lookup order "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"that will be followed. The list doesn't have to include all possible "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"domains as the missing domains will be looked up based on the order they're "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"presented in the <quote>domains</quote> configuration option. The "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"subdomains which are not listed as part of <quote>lookup_order</quote> will "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"be looked up in a random order for each parent domain."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Please, note that when this option is set the output format of all commands "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"is always fully-qualified even when using short names for input. In case "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the administrator wants the output not fully-qualified, the full_name_format "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"However, keep in mind that during login, login applications often "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"shortname is returned for a qualified input (while trying to reach a user "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"which exists in multiple domains) might re-route the login attempt into the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"domain which users shortnames, making this workaround totally not "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"recommended in cases where usernames may overlap between domains."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:587 sssd.conf.5.xml:1371 sssd.conf.5.xml:2991
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ad.5.xml:161 sssd-ad.5.xml:299 sssd-ad.5.xml:313
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Default: Not set"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgstr "Voreinstellung: Nicht gesetzt"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Individual pieces of SSSD functionality are provided by special SSSD "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"services that are started and stopped together with SSSD. The services are "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"managed by a special service frequently called <quote>monitor</quote>. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>[sssd]</quote> section is used to configure the monitor as well as "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"some other important options like the identity domains. <placeholder type="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Individuelle Teile der SSSD-Funktionalität werden durch spezielle SSSD-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dienste bereitgestellt, die zusammen mit SSSD gestartet und gestoppt werden. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Dienste werden durch einen speziellen Dienst, oft »Monitor« genannt, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verwaltet. Der Abschnitt »[sssd]« wird sowohl zum Konfigurieren des Monitors "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"als auch einiger anderer wichtiger Optionen wie den »Identity Domains« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verwendet. <placeholder type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SERVICES SECTIONS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "DIENSTABSCHNITTE"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Settings that can be used to configure different services are described in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"section, for example, for NSS service, the section would be <quote>[nss]</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dieser Abschnitt beschreibt Einstellungen, die zum Konfigurieren mehrerer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unterschiedlicher Dienste benutzt werden. Sie sollten im Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"[<replaceable>$NAME</replaceable>] liegen, für den Dienst NSS wäre der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abschnitt zum Beispiel <quote>[nss]</quote>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "General service configuration options"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Allgemeine Optionen zum Konfigurieren von Diensten"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "These options can be used to configure any service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "fd_limit"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "fd_limit"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option specifies the maximum number of file descriptors that may be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"opened at one time by this SSSD process. On systems where SSSD is granted "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"systems without this capability, the resulting value will be the lower value "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of this or the limits.conf \"hard\" limit."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option gibt die maximale Anzahl von Dateideskriptoren an, die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gleichzeitig durch diesen SSSD-Prozess geöffnet sein können. Auf Systemen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auf denen SSSD die Fähigkeit CAP_SYS_RESOURCE gewährt wird, wird dies eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"absolute Einstellung sein. Auf Systemen ohne diese Fähigkeit wird der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"resultierende Wert der niedrigere Wert hiervon oder der der »harten« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Begrenzung in der »limit.conf« sein."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 8192 (or limits.conf \"hard\" limit)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 8192 (oder die »harte« Begrenzung der »limit.conf«)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "client_idle_timeout"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "client_idle_timeout"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option specifies the number of seconds that a client of an SSSD process "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"can hold onto a file descriptor without communicating on it. This value is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"limited in order to avoid resource exhaustion on the system. The timeout "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"can't be shorter than 10 seconds. If a lower value is configured, it will be "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"adjusted to 10 seconds."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd.conf.5.xml:655 sssd.conf.5.xml:687 sssd.conf.5.xml:968
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 60"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 60"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "offline_timeout (integer)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "offline_timeout (Ganzzahl)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"When SSSD switches to offline mode the amount of time before it tries to go "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"back online will increase based upon the time spent disconnected. This "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"value is in seconds and calculated by the following:"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "offline_timeout + random_offset"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The random offset can increment up to 30 seconds. After each unsuccessful "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"attempt to go online, the new interval is recalculated by the following:"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "new_interval = old_interval*2 + random_offset"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Note that the maximum length of each interval is currently limited to one "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"hour. If the calculated length of new_interval is greater than an hour, it "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"will be forced to one hour."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "responder_idle_timeout"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"This option specifies the number of seconds that an SSSD responder process "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"can be up without being used. This value is limited in order to avoid "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"resource exhaustion on the system. The minimum acceptable value for this "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"option is 60 seconds. Setting this option to 0 (zero) means that no timeout "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"will be set up to the responder. This option only has effect when SSSD is "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"built with systemd support and when services are either socket or D-Bus "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:709 sssd.conf.5.xml:981 sssd.conf.5.xml:1566
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "Default: 300"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "Voreinstellung: 300"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "cache_first"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"This option specifies whether the responder should query all caches before "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"querying the Data Providers."
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "NSS configuration options"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "NSS-Konfigurationsoptionen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"These options can be used to configure the Name Service Switch (NSS) service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Optionen können zum Konfigurieren des »Name Service Switch« (NSS) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt werden"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "enum_cache_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "enum_cache_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds should nss_sss cache enumerations (requests for info about "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wieviele Sekunden soll »nss_sss« Aufzählungen (Abfragen von Informationen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"über alle Nutzer) zwischenspeichern?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 120"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 120"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_cache_nowait_percentage (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_cache_nowait_percentage (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The entry cache can be set to automatically update entries in the background "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"if they are requested beyond a percentage of the entry_cache_timeout value "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"for the domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der Eintragszwischenspeicher kann auf automatisch im Hintergrund "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"aktualisierte Einträge gestellt werden, falls sie jenseits eines "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Prozentsatzes des Wertes »entry_cache_timeout« für die Domain abgefragt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For example, if the domain's entry_cache_timeout is set to 30s and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"after 15 seconds past the last cache update will be returned immediately, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"but the SSSD will go and update the cache on its own, so that future "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"requests will not need to block waiting for a cache update."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls zum Beispiel die Zeitüberschreitung für den Eintragszwischenspeicher "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Domain auf 30s und »entry_cache_nowait_percentage« auf 50 Prozent "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gesetzt wurde, werden Einträge, die in den letzten 15 Sekunden nach der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"letzen Zwischenspeicheraktualisierung hereinkamen, sofort zurückgegeben, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD wird aber den Zwischenspeicher selbst aktualisieren, so dass zukünftige "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abfragen nicht blockiert werden müssen, um auf eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zwischenspeicheraktualisierung zu warten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Valid values for this option are 0-99 and represent a percentage of the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"entry_cache_timeout for each domain. For performance reasons, this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"disables this feature)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Gültige Werte für diese Option sind 0-99. Sie geben die Prozentzahl des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»entry_cache_timeout« für jede Domain an. Aus Leistungsgründen wird diese "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Prozentzahl die »nowait«-Zeitüberschreitung nie auf weniger als zehn "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Sekunden senken. (0 schaltet diese Funktionalität aus.)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 50"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 50"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_negative_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_negative_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies for how many seconds nss_sss should cache negative cache hits "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(that is, queries for invalid database entries, like nonexistent ones) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"before asking the back end again."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, für wie viele Sekunden lang »nss_sss« negative "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zwischenspeichertreffer zwischenspeichern soll (das heißt, Abfragen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ungültiger Datenbankeinträge, wie solche, die nicht existieren), bevor das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Backend erneut gefragt wird)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 15"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 15"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "local_negative_timeout (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Specifies for how many seconds nss_sss should keep local users and groups in "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"negative cache before trying to look it up in the back end again."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:802 sssd.conf.5.xml:1217 sssd.conf.5.xml:2846 sssd.8.xml:79
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: 0"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "Voreinstellung: 0"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "filter_users, filter_groups (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "filter_users, filter_groups (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Exclude certain users or groups from being fetched from the sss NSS "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"database. This is particularly useful for system accounts. This option can "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"also be set per-domain or include fully-qualified names to filter only users "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"from the particular domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"NOTE: The filter_groups option doesn't affect inheritance of nested group "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"members, since filtering happens after they are propagated for returning via "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"NSS. E.g. a group having a member group filtered out will still have the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"member users of the latter listed."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: root"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: root"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "filter_users_in_groups (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "filter_users_in_groups (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If you want filtered user still be group members set this option to false."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls Sie möchten, dass gefilterte Nutzer weiterhin Gruppenmitglieder sind, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzen Sie diese Option auf »false«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "fallback_homedir (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "fallback_homedir (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Set a default template for a user's home directory if one is not specified "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"explicitly by the domain's data provider."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzt eine Standardschablone für das Home-Verzeichnis eines Nutzers, falls "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"es nicht explizit durch den Datenanbieter der Domain angegeben wurde."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The available values for this option are the same as for override_homedir."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die für diese Option verfügbaren Werte sind dieselben wie für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»override_homedir«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"fallback_homedir = /home/%u\n"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"fallback_homedir = /home/%u\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:856 sssd.conf.5.xml:1296 sssd.conf.5.xml:1315
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#: sssd-krb5.5.xml:539 include/override_homedir.xml:59
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Beispiel: <placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: not set (no substitution for unset home directories)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: nicht gesetzt (kein Ersetzen nicht gesetzter Home-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verzeichnisse)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "override_shell (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "override_shell (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Override the login shell for all users. This option supersedes any other "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"shell options if it takes effect and can be set either in the [nss] section "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"or per-domain."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Setzt die Anmeldeshell für alle Benutzer außer Kraft. Diese Option genießt "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Vorrecht vor allen anderen Shell-Optionen, falls sie Wirkung zeigt und kann "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"entweder im Abschnitt [nss] oder für jede Domain gesetzt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: not set (SSSD will use the value retrieved from LDAP)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP erhaltenen Wert "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "allowed_shells (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "allowed_shells (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Restrict user shell to one of the listed values. The order of evaluation is:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beschränkt die Shell des Nutzers auf eine der aufgeführten Werte. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Reihenfolge der Auswertung ist:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "1. If the shell is present in <quote>/etc/shells</quote>, it is used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "1. Falls die Shell in »/etc/shells« vorhanden ist, wird sie benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"2. If the shell is in the allowed_shells list but not in <quote>/etc/shells</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"quote>, use the value of the shell_fallback parameter."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"2. Falls die Shell in der Liste »allowed_shells«, aber nicht in »/etc/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"shells« steht, wird der Wert des Parameters »shell_fallback« verwendet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"shells</quote>, a nologin shell is used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"3. Falls die Shell weder in der Liste »allowed_shells« noch in »/etc/shells« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"steht, wird eine Nicht-Login-Shell benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "The wildcard (*) can be used to allow any shell."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"The (*) is useful if you want to use shell_fallback in case that user's "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"shell is not in <quote>/etc/shells</quote> and maintaining list of all "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"allowed shells in allowed_shells would be to much overhead."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "An empty string for shell is passed as-is to libc."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Eine leere Zeichenkette als Shell wird, so wie sie ist, an Libc übergeben."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The <quote>/etc/shells</quote> is only read on SSSD start up, which means "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"that a restart of the SSSD is required in case a new shell is installed."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»/etc/shells« wird nur beim Start von SSSD gelesen. Das bedeutet, dass im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Fall einer neu installierten Shell ein Neustart von SSSD nötig ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: Not set. The user shell is automatically used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: nicht gesetzt. Die Benutzer-Shell wird automatisch verwendet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "vetoed_shells (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "vetoed_shells (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Replace any instance of these shells with the shell_fallback"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ersetzt jedwede Instanz dieser Shells durch die aus »shell_fallback«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "shell_fallback (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "shell_fallback (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The default shell to use if an allowed shell is not installed on the machine."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Standard-Shell, die benutzt werden soll, falls eine erlaubte Shell nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auf dem Rechner installiert ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: /bin/sh"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: /bin/sh"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "default_shell"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "default_shell"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The default shell to use if the provider does not return one during lookup. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This option can be specified globally in the [nss] section or per-domain."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die zu verwendende Vorgabeshell, falls der Anbieter während des Suchvorgangs "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"nichts zurückgibt. Diese Option kann entweder im Abschnitt [nss] oder für "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"jede Domain gesetzt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: not set (Return NULL if no shell is specified and rely on libc to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"substitute something sensible when necessary, usually /bin/sh)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: nicht gesetzt (Falls keine Shell angegeben wurde, wird NULL "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zurückgegeben und darauf vertraut, dass Libc es, wenn nötig, durch etwas "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Vernünftiges, üblicherweise /bin/sh, ersetzt.)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "get_domains_timeout (int)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "get_domains_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies time in seconds for which the list of subdomains will be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"considered valid."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Zeit in Sekunden an, während der die Liste der Subdomains als "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gültig erachtet wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "memcache_timeout (int)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "memcache_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies time in seconds for which records in the in-memory cache will be "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"valid. Setting this option to zero will disable the in-memory cache."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"WARNING: Disabling the in-memory cache will have significant negative impact "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"on SSSD's performance and should only be used for testing."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"client applications will not use the fast in-memory cache."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "user_attributes (string)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgstr "user_attributes (Zeichenkette)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Some of the additional NSS responder requests can return more attributes "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"than just the POSIX ones defined by the NSS interface. The list of "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"attributes is controlled by this option. It is handled the same way as the "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"<quote>user_attributes</quote> option of the InfoPipe responder (see "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"manvolnum> </citerefentry> for details) but with no default values."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"To make configuration more easy the NSS responder will check the InfoPipe "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"option if it is not set for the NSS responder."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "Default: not set, fallback to InfoPipe option"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "pwfield (string)"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"The value that NSS operations that return users or groups will return for "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"the <quote>password</quote> field."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1032 include/override_homedir.xml:56
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "This option can also be set per-domain."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgstr "Diese Option kann auch pro Domain gesetzt werden."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the files "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "PAM configuration options"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "PAM-Konfigurationsoptionen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"These options can be used to configure the Pluggable Authentication Module "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(PAM) service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Optionen können benutzt werden, um den Dienst »Pluggable "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentication Module« (PAM) einzurichten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "offline_credentials_expiration (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "offline_credentials_expiration (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If the authentication provider is offline, how long should we allow cached "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"logins (in days since the last successful online login)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wie lange sollen zwischengespeicherte Anmeldungen erlaubt werden, falls der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentifizierungsanbieter offline ist (in Tagen seit der letzten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erfolgreichen Anmeldung)?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 0 (No limit)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 0 (unbegrenzt)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "offline_failed_login_attempts (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "offline_failed_login_attempts (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If the authentication provider is offline, how many failed login attempts "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"are allowed."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wieviele fehlgeschlagene Anmeldeversuche sind erlaubt, falls der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentifizierungsanbieter offline ist?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "offline_failed_login_delay (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "offline_failed_login_delay (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The time in minutes which has to pass after offline_failed_login_attempts "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"has been reached before a new login attempt is possible."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"die Zeit in Minuten, die nach dem Erreichen von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»offline_failed_login_attempts« vergehen muss, bevor ein neuer "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Anmeldeversuch möglich ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If set to 0 the user cannot authenticate offline if "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"offline_failed_login_attempts has been reached. Only a successful online "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"authentication can enable offline authentication again."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls dies auf 0 gesetzt ist, kann der Benutzer sich nicht offline "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"authentifizieren, wenn »offline_failed_login_attempts« erreicht wurde. Nur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eine erfolgreiche Online-Authentifizierung kann die Offline-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentifizierung reaktivieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 5"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 5"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "pam_verbosity (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "pam_verbosity (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Controls what kind of messages are shown to the user during authentication. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The higher the number to more messages are displayed."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"steuert, welche Arten von Nachrichten während der Benutzerauthentifizierung "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"angezeigt werden. Je höher die Zahl, desto mehr Nachrichten werden angezeigt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Currently sssd supports the following values:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Derzeit unterstützt SSSD folgende Werte:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>0</emphasis>: do not show any message"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>0</emphasis>: keine Nachricht anzeigen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>1</emphasis>: show only important messages"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>1</emphasis>: nur wichtige Nachrichten anzeigen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>2</emphasis>: show informational messages"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "<emphasis>2</emphasis>: nur informative Nachrichten anzeigen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>3</emphasis>: show all messages and debug information"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>3</emphasis>: alle Nachrichten und Debug-Informationen anzeigen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 1"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 1"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "pam_response_filter (integer)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"A comma separated list of strings which allows to remove (filter) data sent "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"by the PAM responder to pam_sss PAM module. There are different kind of "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"responses sent to pam_sss e.g. messages displayed to the user or environment "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"variables which should be set by pam_sss."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"While messages already can be controlled with the help of the pam_verbosity "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"option this option allows to filter out other kind of responses as well."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Do not send any environment variables to any service."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ENV:var_name"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Do not send environment variable var_name to any service."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ENV:var_name:service"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Do not send environment variable var_name to service."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Currently the following filters are supported: <placeholder type="
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"\"variablelist\" id=\"0\"/>"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "Example: ENV:KRB5CCNAME:sudo-i"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "pam_id_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "pam_id_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For any PAM request while SSSD is online, the SSSD will attempt to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"immediately update the cached identity information for the user in order to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ensure that authentication takes place with the latest information."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Für alle PAM-Anfragen, während SSSD online ist, wird SSSD versuchen, sofort "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die zwischengespeicherten Identitätsinformationen für den Benutzer zu "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"aktualisieren. Dadurch wird sichergestellt, dass die Authentifizierung mit "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"den neusten Informationen erfolgt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"A complete PAM conversation may perform multiple PAM requests, such as "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"account management and session opening. This option controls (on a per-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"client-application basis) how long (in seconds) we can cache the identity "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"information to avoid excessive round-trips to the identity provider."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Eine vollständige PAM-Konversation kann mehrere PAM-Abfragen durchführen, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"wie die Kontenverwaltung und das Öffnen von Sitzungen. Diese Option steuert "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"(auf Basis von Client-Anwendungen) wie lange (in Sekunden) die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Identitätsinformationen zwischengespeichert werden können, um übermäßig "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"viele Abfragen der Identitätsanbieter zu vermeiden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "pam_pwd_expiration_warning (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "pam_pwd_expiration_warning (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Display a warning N days before the password expires."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "zeigt N Tage vor Ablauf des Passworts eine Warnung an."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that the backend server has to provide information about the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"expiration time of the password. If this information is missing, sssd "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"cannot display a warning."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass der Backend-Server Informationen über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ablaufzeit des Passworts bereitstellen muss. Fehlt diese Information, kann "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD keine Warnung anzeigen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If zero is set, then this filter is not applied, i.e. if the expiration "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"warning was received from backend server, it will automatically be displayed."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Falls dies auf Null gesetzt ist, wird dieser Filter nicht angewendet, d.h., "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"falls die Ablaufwarnung vom Backend-Server empfangen wurde, wird sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"automatisch angezeigt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> for a particular domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Einstellung kann durch Setzen von <emphasis>pwd_expiration_warning</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> für eine bestimmte Domain außer Kraft gesetzt werden."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "pam_trusted_users (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Specifies the comma-separated list of UID values or user names that are "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"allowed to run PAM conversations against trusted domains. Users not "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"included in this list can only access domains marked as public with "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: All users are considered trusted by default"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Please note that UID 0 is always allowed to access the PAM responder even in "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"case it is not in the pam_trusted_users list."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "pam_public_domains (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Specifies the comma-separated list of domain names that are accessible even "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"to untrusted users."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Two special values for pam_public_domains option are defined:"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"all (Untrusted users are allowed to access all domains in PAM responder.)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"none (Untrusted users are not allowed to access any domains PAM in "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"responder.)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1277 sssd.conf.5.xml:1302 sssd.conf.5.xml:1321
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1825 sssd.conf.5.xml:2782 sssd-ldap.5.xml:1968
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: none"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "Voreinstellung: none"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "pam_account_expired_message (string)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Allows a custom expiration message to be set, replacing the default "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"'Permission denied' message."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Note: Please be aware that message is only printed for the SSH service "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"unless pam_verbosity is set to 3 (show all messages and debug information)."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"pam_account_expired_message = Account expired, please contact help desk.\n"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "pam_account_locked_message (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Allows a custom lockout message to be set, replacing the default 'Permission "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"denied' message."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"pam_account_locked_message = Account locked, please contact help desk.\n"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "pam_cert_auth (bool)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Enable certificate based Smartcard authentication. Since this requires "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"additional communication with the Smartcard which will delay the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"authentication process this option is disabled by default."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1335 sssd.conf.5.xml:2875 sssd-ldap.5.xml:1087
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1114 sssd-ldap.5.xml:1514 sssd-ldap.5.xml:1535
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2041 include/ldap_id_mapping.xml:244
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: False"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "Voreinstellung: False"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "pam_cert_db_path (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The path to the certificate database which contain the PKCS#11 modules to "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"access the Smartcard."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: /etc/pki/nssdb (NSS version)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "p11_child_timeout (integer)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "How many seconds will pam_sss wait for p11_child to finish."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "pam_app_services (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Which PAM services are permitted to contact domains of type "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>application</quote>"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SUDO configuration options"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Sudo-Konfigurationsoptionen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"These options can be used to configure the sudo service. The detailed "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Diese Optionen können zur Konfiguration des Sudo-Dienstes verwendet werden. "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Detaillierte Informationen zur Konfiguration von <citerefentry> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"zur Verwendung mit <citerefentry> <refentrytitle>sssd</refentrytitle> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> finden Sie in der Handbuchseite zu "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<citerefentry> <refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sudo_timed (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sudo_timed (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"that implement time-dependent sudoers entries."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, ob die Attribute »sudoNotBefore« und »sudoNotAfter«, die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zeitabhängige »sudoers«-Einträge implementieren, ausgewertet werden oder "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ldap_deref_threshold (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "sudo_threshold (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ldap_deref_threshold (Ganzzahl)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Maximum number of expired rules that can be refreshed at once. If number of "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"expired rules is below threshold, those rules are refreshed with "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>full refresh</quote> of sudo rules is triggered instead. This "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"threshold number also applies to IPA sudo command and command group searches."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "AUTOFS configuration options"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "AUTOFS-Konfigurationsoptionen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "These options can be used to configure the autofs service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Optionen können zum Konfigurieren des Dienstes »autofs« benutzt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "autofs_negative_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "autofs_negative_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies for how many seconds should the autofs responder negative cache "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"hits (that is, queries for invalid map entries, like nonexistent ones) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"before asking the back end again."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, wie viele Sekunden der Autofs-Responder negative Treffer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zwischenspeichert (das bedeutet, Abfragen ungültiger Abbildeinträge, wie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nicht existierende), bevor das Backend erneut befragt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SSH configuration options"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "SSH-Konfigurationsoptionen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "These options can be used to configure the SSH service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Optionen können zum Konfigurieren des SSH-Dienstes benutzt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ssh_hash_known_hosts (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ssh_hash_known_hosts (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Whether or not to hash host names and addresses in the managed known_hosts "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, ob Rechnernamen und Adressen in der verwalteten Datei "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»known_hosts« zusammengemischt werden oder nicht."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ssh_known_hosts_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ssh_known_hosts_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds to keep a host in the managed known_hosts file after its "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"host keys were requested."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie viele Sekunden lang ein Rechner in der verwalteten Datei "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"»known_hosts« behalten wird, bevor seine Rechnerschlüssel abgefragt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 180"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 180"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "ca_db (string)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Path to a storage of trusted CA certificates. The option is used to validate "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"user certificates before deriving public ssh keys from them."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Default: /etc/pki/nssdb"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "PAC responder configuration options"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "PAC-Responder-Konfigurationsoptionen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The PAC responder works together with the authorization data plugin for MIT "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Kerberos sssd_pac_plugin.so and a sub-domain provider. The plugin sends the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provider collects domain SID and ID ranges of the domain the client is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"joined to and of remote trusted domains from the local domain controller. If "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the PAC is decoded and evaluated some of the following operations are done:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"If the remote user does not exist in the cache, it is created. The UID is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"determined with the help of the SID, trusted domains will have UPGs and the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"GID will have the same value as the UID. The home directory is set based on "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the subdomain_homedir parameter. The shell will be empty by default, i.e. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the system defaults are used, but can be overwritten with the default_shell "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If there are SIDs of groups from domains sssd knows about, the user will be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"added to those groups."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls es Gruppen-SIDs von Domains gibt, die SSSD kennt, wird der Benutzer zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"diesen Gruppen hinzugefügt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "These options can be used to configure the PAC responder."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "allowed_uids (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "allowed_uids (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the comma-separated list of UID values or user names that are "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"allowed to access the PAC responder. User names are resolved to UIDs at "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"gibt die durch Kommata getrennte Liste von UID-Werten oder Benutzernamen an, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"denen der Zugriff auf den PAC-Responder erlaubt ist. Benutzernamen werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beim Starten zu UIDs aufgelöst."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 0 (only the root user is allowed to access the PAC responder)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: 0 (Nur dem Benutzer Root ist der Zugriff auf den PAC-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Responder gestattet.)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that although the UID 0 is used as the default it will be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"overwritten with this option. If you still want to allow the root user to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access the PAC responder, which would be the typical case, you have to add 0 "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to the list of allowed UIDs as well."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass, obwohl die UID 0 als Voreinstellung benutzt wird, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"diese Option sie überschriebt. Falls Sie weiterhin dem Benutzer Root Zugriff "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auf den PAC-Responder gewähren möchten, was der Normalfall ist, müssen Sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Liste der erlaubten UIDs auch die 0 hinzufügen."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "pac_lifetime (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"data can be used to determine the group memberships of a user."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "PAC responder configuration options"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Session recording configuration options"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "PAC-Responder-Konfigurationsoptionen"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "This manual page describes the configuration of the AD provider for "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "citerefentry> manual page."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Session recording works in conjunction with <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, a part of tlog package, to log what users see and type when "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "These options can be used to configure any service."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "These options can be used to configure session recording."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "Diese Optionen können zur Konfiguration jedes Dienstes benutzt werden."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1593 sssd-session-recording.5.xml:64
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "sudo_provider (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "scope (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "sudo_provider (Zeichenkette)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1600 sssd-session-recording.5.xml:71
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "none"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "\"none\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "none"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1603 sssd-session-recording.5.xml:74
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "No users are recorded."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1608 sssd-session-recording.5.xml:79
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "\"some\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1611 sssd-session-recording.5.xml:82
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Append this user to groups specified by the <replaceable>GROUPS</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "is a comma separated list of group names."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Users/groups specified by <replaceable>users</replaceable> and "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<replaceable>groups</replaceable> options are recorded."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"hängt diesen Benutzer an die Gruppen an, die durch den Parameter "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<replaceable>GRUPPEN</replaceable> angegeben werden. Der Parameter "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"von Gruppennamen."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1620 sssd-session-recording.5.xml:91
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "\"all\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1623 sssd-session-recording.5.xml:94
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "All users are recorded."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1596 sssd-session-recording.5.xml:67
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "The following expansions are supported: <placeholder type=\"variablelist"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"One of the following strings specifying the scope of session recording: "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Die folgenden Erweiterungen werden unterstützt: <placeholder type="
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"\"variablelist\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1630 sssd-session-recording.5.xml:101
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: none"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: \"none\""
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "Voreinstellung: none"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1635 sssd-session-recording.5.xml:106
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "skel_dir (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "users (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "skel_dir (Zeichenkette)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1638 sssd-session-recording.5.xml:109
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"A comma-separated list of users which should have session recording enabled. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Matches user names as returned by NSS. I.e. after the possible space "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"replacement, case changes, etc."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1644 sssd-session-recording.5.xml:115
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: empty, i.e. ldap_uri is used."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: Empty. Matches no users."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1649 sssd-session-recording.5.xml:120
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ldap_group_name (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "groups (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ldap_group_name (Zeichenkette)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1652 sssd-session-recording.5.xml:123
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"A comma-separated list of groups, members of which should have session "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"recording enabled. Matches group names as returned by NSS. I.e. after the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"possible space replacement, case changes, etc."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1658 sssd-session-recording.5.xml:129
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"NOTE: using this option (having it set to anything) has a considerable "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"performance cost, because each uncached request for a user requires "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"retrieving and matching the groups the user is member of."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1665 sssd-session-recording.5.xml:136
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: Empty. Matches no groups."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "DOMAIN SECTIONS"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "DOMAIN-ABSCHNITTE"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "domain_type (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Specifies whether the domain is meant to be used by POSIX-aware clients such "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"as the Name Service Switch or by applications that do not need POSIX data to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"be present or generated. Only objects from POSIX domains are available to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the operating system interfaces and utilities."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Allowed values for this option are <quote>posix</quote> and "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>application</quote>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"POSIX domains are reachable by all services. Application domains are only "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"reachable from the InfoPipe responder (see <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>) and the PAM responder."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"NOTE: The application domains are currently well tested with "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>id_provider=ldap</quote> only."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"For an easy way to configure a non-POSIX domains, please see the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>Application domains</quote> section."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: posix"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "min_id,max_id (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "min_id,max_id (Ganzzahl)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"UID and GID limits for the domain. If a domain contains an entry that is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"outside these limits, it is ignored."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"UID- und GID-Beschränkungen für die Domain. Falls eine Domain einen Eintrag "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enthält, der jenseits dieser Beschränkungen liegt, wird er ignoriert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For users, this affects the primary GID limit. The user will not be returned "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to NSS if either the UID or the primary GID is outside the range. For non-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"primary group memberships, those that are in range will be reported as "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dies beeinflusst die Haupt-GID-Beschränkung für Benutzer. Der Benutzer wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nicht an NSS zurückgegeben, falls entweder die UID oder die Haupt-GID "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"außerhalb des Bereichs liegt. Bei Mitgliedschaften in Nichthauptgruppen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden jene, die im Bereich liegen, wie erwartet gemeldet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"These ID limits affect even saving entries to cache, not only returning them "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"by name or ID."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese ID-Beschränkungen beeinflussen sogar das Speichern von Einträgen in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"den Zwischenspeicher und nicht nur ihre Rückgabe über Name oder ID."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 1 for min_id, 0 (no limit) for max_id"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 1 für »min_id«, 0 (keine Beschränkung) für »max_id«"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "enumerate (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "enumerate (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Determines if a domain can be enumerated, that is, whether the domain can "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"list all the users and group it contains. Note that it is not required to "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"enable enumeration in order for secondary groups to be displayed. This "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"parameter can have one of the following values:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "TRUE = Users and groups are enumerated"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "TRUE = Benutzer und Gruppen werden aufgezählt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "FALSE = No enumerations for this domain"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "FALSE = keine Aufzählungen für diese Domain"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1761 sssd.conf.5.xml:1983 sssd.conf.5.xml:2150
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: FALSE"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: FALSE"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Enumerating a domain requires SSSD to download and store ALL user and group "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"entries from the remote server."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "Note: Enabling enumeration has a moderate performance impact on SSSD "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "while enumeration is running. It may take up to several minutes after "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "SSSD startup to fully complete enumerations. During this time, "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "individual requests for information will go directly to LDAP, though it "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "may be slow, due to the heavy enumeration processing. Saving a large "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "number of entries to cache after the enumeration completes might also be "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "CPU intensive as the memberships have to be recomputed."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Note: Enabling enumeration has a moderate performance impact on SSSD while "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enumeration is running. It may take up to several minutes after SSSD startup "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to fully complete enumerations. During this time, individual requests for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"information will go directly to LDAP, though it may be slow, due to the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"heavy enumeration processing. Saving a large number of entries to cache "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"after the enumeration completes might also be CPU intensive as the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"memberships have to be recomputed. This can lead to the <quote>sssd_be</"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"quote> process becoming unresponsive or even restarted by the internal "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Hinweis: Aktivieren der Aufzählung hat mäßige Auswirkungen auf die Leistung "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"von SSSD, während die Aufzählung läuft. Das Vervollständigen der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Aufzählungen kann nach dem Start von SSSD mehrere Minuten dauern. Während "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dieser Zeit werden individuelle Abfragen von Informationen direkt an LDAP "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gehen, obwohl es aufgrund des Aufzählungsprozesses möglicherweise langsam "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ist. Speichern einer großen Menge von Einträgen in den Zwischenspeicher, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nachdem die Aufzählung vollständig ist, kann ebenfalls CPU-lastig sein, da "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Mitgliedschaften neu berechnet werden müssen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"While the first enumeration is running, requests for the complete user or "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"group lists may return no results until it completes."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Während die erste Aufzählung läuft, geben Anfragen nach vollständigen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzer- oder Gruppenlisten möglicherweise bis zur Fertigstellung keine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ergebnisse zurück."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Further, enabling enumeration may increase the time necessary to detect "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"network disconnection, as longer timeouts are required to ensure that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enumeration lookups are completed successfully. For more information, refer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to the man pages for the specific id_provider in use."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Darüber hinaus kann das Aktivieren der Aufzählung dazu führen, dass "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Netzwerkausfälle erst später entdeckt werden. Dies kommt daher, dass längere "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zeitüberschreitungen vonnöten sind, um sicherzustellen, dass das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Nachschlagen von Aufzählungen vollständig erfolgreich war. Weitere "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informationen finden Sie in den Handbuchseiten für den jeweils aktuell "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzten »id_provider«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For the reasons cited above, enabling enumeration is not recommended, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"especially in large environments."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Aus den oben genannten Gründen wird das Aktivieren von Aufzählungen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"insbesondere in großen Umgebungen, nicht empfohlen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "subdomain_enumerate (string)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "subdomain_enumerate (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "All discovered trusted domains will be enumerated"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Alle entdeckten vertrauenswürdigen Domains werden aufgezählt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "none"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "No discovered trusted domains will be enumerated"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Keine der entdeckten vertrauenswürdigen Domains wird aufgezählt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Whether any of autodetected trusted domains should be enumerated. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optionally, a list of one or more domain names can enable enumeration just "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"for these trusted domains."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Legt fest, ob eventuell automatisch erkannte vertrauenswürdige Domains "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"aufgezählt werden sollen. Folgende Werte werden unterstützt: <placeholder "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"type=\"variablelist\" id=\"0\"/> Optional wird eine Liste aus einer oder "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"mehreren Domain-Namen die Aufzählung für genau diese vertrauenswürdigen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Domains aktivieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_cache_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_cache_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds should nss_sss consider entries valid before asking the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"backend again"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie viele Sekunden lang »nss_sss« Einträge als gültig betrachten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"soll, bevor das Backend erneut abgefragt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The cache expiration timestamps are stored as attributes of individual "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"objects in the cache. Therefore, changing the cache timeout only has effect "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"for newly added or expired entries. You should run the <citerefentry> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"citerefentry> tool in order to force refresh of entries that have already "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"been cached."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die Ablaufzeitstempel werden als Attribute individueller Objekte im "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Zwischenspeicher gespeichert. Daher zeigt die Änderung der Ablaufzeiten im "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Zwischenspeicher nur Wirkung bei neu hinzugefügten oder abgelaufenen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Einträgen. Sie sollten <citerefentry> <refentrytitle>sss_cache</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> ausführen, um die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Aktualisierung von Einträgen zu erzwingen, die bereits zwischengespeichert "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 5400"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 5400"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_cache_user_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_cache_user_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds should nss_sss consider user entries valid before asking "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the backend again"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie viele Sekunden lang »nss_sss« Benutzereinträge als gültig "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"betrachten soll, bevor das Backend erneut abgefragt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1864 sssd.conf.5.xml:1877 sssd.conf.5.xml:1890
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1903 sssd.conf.5.xml:1916 sssd.conf.5.xml:1930
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: entry_cache_timeout"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: entry_cache_timeout"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_cache_group_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_cache_group_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds should nss_sss consider group entries valid before asking "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the backend again"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie viele Sekunden lang »nss_sss« Gruppeneinträge als gültig "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"betrachten soll, bevor das Backend erneut abgefragt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_cache_netgroup_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_cache_netgroup_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds should nss_sss consider netgroup entries valid before "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"asking the backend again"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie viele Sekunden lang »nss_sss« Netzgruppeneinträge als gültig "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"betrachten soll, bevor das Backend erneut abgefragt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_cache_service_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_cache_service_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds should nss_sss consider service entries valid before asking "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the backend again"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie viele Sekunden lang »nss_sss« Diensteinträge als gültig "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"betrachten soll, bevor das Backend erneut abgefragt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_cache_sudo_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_cache_sudo_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds should sudo consider rules valid before asking the backend "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie viele Sekunden lang Sudo Regeln als gültig betrachten soll, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bevor das Backend erneut abgefragt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "entry_cache_autofs_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "entry_cache_autofs_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds should the autofs service consider automounter maps valid "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"before asking the backend again"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie viele Sekunden lang der Dienst »autofs« Abbilder des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Automounters als gültig betrachten soll, bevor das Backend erneut abgefragt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "entry_cache_ssh_host_timeout (integer)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"How many seconds to keep a host ssh key after refresh. IE how long to cache "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the host key for."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "refresh_expired_interval (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "refresh_expired_interval (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Specifies how many seconds SSSD has to wait before triggering a background "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"refresh task which will refresh all expired or nearly expired records."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Legt die Anzahl der Sekunden fest, die SSSD warten soll, bevor eine neuer "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Prozess der Aktualisierung im Hintergrund ausgelöst wird, bei dem alle "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"abgelaufenen oder beinahe abgelaufenen Daten aktualisiert werden."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"The background refresh will process users, groups and netgroups in the cache."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "You can consider setting this value to 3/4 * entry_cache_timeout."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Sie können in Betracht ziehen, diesen Wert auf 3/4 * entry_cache_timeout zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:1966 sssd-ldap.5.xml:746 sssd-ipa.5.xml:254
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 0 (disabled)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 0 (deaktiviert)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "cache_credentials (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "cache_credentials (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Determines if user credentials are also cached in the local LDB cache"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, ob auch Benutzerberechtigungen im lokalen LDB-Zwischenspeicher "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zwischengespeichert werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "User credentials are stored in a SHA512 hash, not in plaintext"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzerberechtigungen werden in einem SHA512-Hash, nicht im Klartext "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gespeichert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "cache_credentials_minimal_first_factor_length (int)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"this value determines the minimal length the first authentication factor "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"(long term password) must have to be saved as SHA512 hash into the cache."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"the cache which would make them easy targets for brute-force attacks."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "Default: 8"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "account_cache_expiration (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "account_cache_expiration (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Number of days entries are left in cache after last successful login before "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"being removed during a cleanup of the cache. 0 means keep forever. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"value of this parameter must be greater than or equal to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"offline_credentials_expiration."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anzahl der Tage, während der Einträge nach einer erfolgreichen Anmeldung im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zwischenspeicher bleiben, bevor sie im Laufe der Zwischenspeicherbereinigung "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"entfernt werden. 0 bedeutet, für immer aufbewahren. Der Wert dieses "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Parameters muss größer oder gleich »offline_credentials_expiration« sein."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 0 (unlimited)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 0 (unbegrenzt)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "pwd_expiration_warning (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "pwd_expiration_warning (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that the backend server has to provide information about the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"expiration time of the password. If this information is missing, sssd "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"cannot display a warning. Also an auth provider has to be configured for the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass der Backend-Server Informationen über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ablaufzeit des Passworts bereitstellen muss. Fehlt diese Information, kann "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD keine Warnung anzeigen. Außerdem muss für das Backend ein "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentifizierungsanbieter konfiguriert werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 7 (Kerberos), 0 (LDAP)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 7 (Kerberos), 0 (LDAP)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "id_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "id_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The identification provider used for the domain. Supported ID providers are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der für die Domain benutzte Authentifizierungsanbieter. Folgende ID-Anbieter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>proxy</quote>: Support a legacy NSS provider"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»proxy«: unterstützt einen veralteten NSS-Anbieter."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>local</quote>: SSSD internal provider for local users"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»local«: SSSDs interner Anbieter für lokale Benutzer"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"information on configuring LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap«: LDAP-Anbieter: Weitere Informationen über die Konfiguration von LDAP "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"finden Sie unter <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:2071 sssd.conf.5.xml:2176 sssd.conf.5.xml:2231
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ipa«: Anbieter von FreeIPA und Red Hat Enterprise Identity Management. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Informationen über die Konfiguration von FreeIPA finden Sie unter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:2080 sssd.conf.5.xml:2185 sssd.conf.5.xml:2240
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more information on configuring Active Directory."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ad«: Active-Directory-Anbieter: Weitere Informationen über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration von Active Directory finden Sie unter <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "use_fully_qualified_names (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "use_fully_qualified_names (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Use the full name and domain (as formatted by the domain's full_name_format) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"as the user's login name reported to NSS."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt den vollständigen Namen und die Domain (wie sie durch das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»full_name_format« der Domain formatiert wurde) als Anmeldenamen des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzers, der an NSS gemeldet wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If set to TRUE, all requests to this domain must use fully qualified names. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For example, if used in LOCAL domain that contains a \"test\" user, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>getent passwd test</command> wouldn't find the user while "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>getent passwd test@LOCAL</command> would."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ist dies auf TRUE gesetzt, müssen Anfragen an diese Domain voll "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"qualifizierte Namen benutzen. Falls zum Beispiel <command>getent passwd "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"test</command> in der Domain LOCAL benutzt wird, die einen Benutzer »test« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enthält, würde der Benutzer nicht gefunden, <command>getent passwd "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"test@LOCAL</command> würde ihn hingegen finden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: This option has no effect on netgroup lookups due to their tendency to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"include nested netgroups without qualified names. For netgroups, all domains "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"will be searched when an unqualified name is requested."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ACHTUNG: Diese Option ist bei Netzgruppen-Suchanfragen wirkungslos, da diese "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"dazu tendieren, verschachtelte Netzgruppen ohne voll qualifizierte Namen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"einzubeziehen. Bei Netzgruppen werden alle Domains durchsucht, wenn ein "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"nicht voll qualifizierter Name angefragt wird."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "Default: FALSE (TRUE if default_domain_suffix is used)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ignore_group_members (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ignore_group_members (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Do not return group members for group lookups."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "gibt beim Nachschlagen der Gruppe nicht die Gruppenmitglieder zurück."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If set to TRUE, the group membership attribute is not requested from the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap server, and group members are not returned when processing group lookup "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"citerefentry>. As an effect, <quote>getent group $groupname</quote> would "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"return the requested group as if it was empty."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Enabling this option can also make access provider checks for group "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"membership significantly faster, especially for groups containing many "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "auth_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "auth_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The authentication provider used for the domain. Supported auth providers "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der für diese Domain benutzte Authentifizierungsanbieter. Folgende "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentifizierungsanbieter werden unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more information on configuring LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap« für native LDAP-Authentifizierung. Weitere Informationen über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration von LDAP finden Sie unter <citerefentry> <refentrytitle>sssd-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more information on configuring Kerberos."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»krb5« für Kerberos-Authentifizierung. Weitere Informationen über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration von Kerberos finden Sie unter <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>proxy</quote> for relaying authentication to some other PAM target."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»proxy« zur Weitergabe der Authentifizierung an irgendein anderes PAM-Ziel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>none</quote> disables authentication explicitly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»none« deaktiviert explizit die Authentifizierung."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: <quote>id_provider</quote> is used if it is set and can handle "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"authentication requests."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: »id_provider« wird, falls es gesetzt ist, benutzt und kann "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"mit Authentifizierungsanfragen umgehen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "access_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "access_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The access control provider used for the domain. There are two built-in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access providers (in addition to any included in installed backends) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Internal special providers are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der für diese Domain benutzte Zugriffssteuerungsanbieter. Es gibt zwei "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"integrierte Zugriffsanbieter (zusätzlich zu denen, die in den installierten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Backends enthalten sind). Interne Spezialanbieter sind:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>permit</quote> always allow access. It's the only permitted access "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provider for a local domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»permit« gibt immer Zugriff. Es ist der einzige erlaubte Zugriffsanbieter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"für eine lokale Domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>deny</quote> always deny access."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»deny« verweigert dem Zugriff immer."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>simple</quote> access control based on access or deny lists. See "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum></citerefentry> for more information on configuring the simple "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access module."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»simple«: Zugriffssteuerung basierend auf Zugriffs- oder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verweigerungslisten. Weitere Informationen über die Konfiguration des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einfachen Zugriffsmoduls finden sie unter <citerefentry> <refentrytitle>sssd-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"simple</refentrytitle> <manvolnum>5</manvolnum></citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"citerefentry> for more information on configuring Kerberos."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<quote>proxy</quote> for relaying access control to another PAM module."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: <quote>permit</quote>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: »permit«"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "chpass_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "chpass_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The provider which should handle change password operations for the domain. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Supported change password providers are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Anbieter, der Passwortänderungsaktionen für die Domain handhaben soll. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Folgende Anbieter von Passwortänderungen werden unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>ldap</quote> to change a password stored in a LDAP server. See "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> for more information on configuring LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more information on configuring Kerberos."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»krb5« zum Ändern des Kerberos-Passworts. Weitere Informationen über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration von Kerberos finden Sie unter <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>proxy</quote> for relaying password changes to some other PAM target."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»proxy« zur Weitergabe der Passwortänderung an irgendein anderes PAM-Ziel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>none</quote> disallows password changes explicitly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»none« verbietet explizit Passwortänderungen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: <quote>auth_provider</quote> is used if it is set and can handle "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"change password requests."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: »auth_provider« wird, falls es gesetzt ist, benutzt und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kann mit Passwortänderungsanfragen umgehen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sudo_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sudo_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The SUDO provider used for the domain. Supported SUDO providers are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der für diese Domain benutzte Sudo-Anbieter. Folgende Sudo-Anbieter werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more information on configuring LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap« für die in LDAP gespeicherten Regeln. Weitere Informationen über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration von LDAP finden Sie unter <citerefentry> <refentrytitle>sssd-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>ipa</quote> ist gleichbedeutend mit <quote>ldap</quote>, aber mit den "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Vorgabeeinstellungen für IPA."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>ad</quote> ist gleichbedeutend mit <quote>ldap</quote>, aber mit den "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Vorgabeeinstellungen für AD."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>none</quote> disables SUDO explicitly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»none« deaktiviert explizit Sudo."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:2351 sssd.conf.5.xml:2437 sssd.conf.5.xml:2507
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: The value of <quote>id_provider</quote> is used if it is set."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"The detailed instructions for configuration of sudo_provider are in the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"options that can be used to adjust the behavior. Please refer to "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Detaillierte Informationen zur Konfiguration von sudo_provider finden Sie in "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>. Es gibt zahlreiche verwendbare "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Konfigurationsoptionen, mit denen das Verhalten angepasst werden kann. Siehe "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"»ldap_sudo_*« in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"background unless the sudo provider is explicitly disabled. Set "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"activity in SSSD if you do not want to use sudo with SSSD at all."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "selinux_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "selinux_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The provider which should handle loading of selinux settings. Note that this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provider will be called right after access provider ends. Supported selinux "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"providers are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Anbieter, der das Laden der SELinux-Einstellungen handhaben soll. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beachten Sie, dass dieser Anbieter direkt aufgerufen wird, nachdem sich der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zugriffsanbieter beendet hat. Folgende SELinux-Anbieter werden unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ipa</quote> to load selinux settings from an IPA server. See "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> for more information on configuring IPA."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ipa«, um SELinux-Einstellungen von einem IPA-Server zu laden. Weitere "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informationen über die Konfiguration von FreeIPA finden Sie unter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>none</quote> disallows fetching selinux settings explicitly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»none« verbietet explizit das Abholen von SELinux-Einstellungen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: <quote>id_provider</quote> is used if it is set and can handle "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"selinux loading requests."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt. Er "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kann SELinux-Ladeanfragen handhaben."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "subdomains_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "subdomains_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The provider which should handle fetching of subdomains. This value should "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"be always the same as id_provider. Supported subdomain providers are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Anbieter, der das Abholen von Subdomains handhaben soll. Dieser Wert "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sollte immer derselbe sein wie »id_provider«. Folgende Subdomain-Anbieter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> for more information on configuring IPA."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ipa«, um eine Liste mit Subdomains von einem IPA-Server zu laden. Weitere "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"<quote>ad</quote> to load a list of subdomains from an Active Directory "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"the AD provider."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>none</quote> disallows fetching subdomains explicitly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»none« deaktiviert explizit das Abholen von Subdomains."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "selinux_provider (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "session_provider (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "selinux_provider (Zeichenkette)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The provider which configures and manages user session related tasks. The "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"only user session task currently provided is the integration with Fleet "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Commander, which works only with IPA. Supported session providers are:"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "<quote>ipa</quote> to allow performing user session related tasks."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>none</quote> does not perform any kind of user session related tasks."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "selinux loading requests."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Default: <quote>id_provider</quote> is used if it is set and can perform "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"session related tasks."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Voreinstellung: Falls gesetzt, wird der Wert von »id_provider« benutzt. Er "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"kann SELinux-Ladeanfragen handhaben."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"SSSD must be running as \"root\" and not as the unprivileged user."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "autofs_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "autofs_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The autofs provider used for the domain. Supported autofs providers are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der für diese Domain benutzte Anbieter von »autofs«. Folgende Anbieter von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»autofs« werden unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more information on configuring LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap«, um in LDAP gespeicherte Abbilder zu laden. Weitere Informationen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"über die Konfiguration von LDAP finden Sie unter <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more information on configuring IPA."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ipa«, um auf einem IPA-Server gespeicherte Abbilder zu laden. Weitere "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informationen über die Konfiguration von IPA finden Sie unter <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"citerefentry> for more information on configuring the AD provider."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>none</quote> disables autofs explicitly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»none« deaktiviert explizit »autofs«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "hostid_provider (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "hostid_provider (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The provider used for retrieving host identity information. Supported "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"hostid providers are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Anbieter, der zum Abfragen der Rechneridentitätsinformationen benutzt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird. Folgende Anbieter von »hostid« werden unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ipa</quote> to load host identity stored in an IPA server. See "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> for more information on configuring IPA."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ipa«, um die auf einem IPA-Server gespeicherte Rechneridentität zu laden. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Informationen über die Konfiguration von IPA finden Sie unter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<quote>none</quote> disables hostid explicitly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "»none« deaktiviert explizit »hostid«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Regular expression for this domain that describes how to parse the string "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"containing user name and domain into these components. The \"domain\" can "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"match either the SSSD configuration domain name, or, in the case of IPA "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"regulärer Ausdruck, der beschreibt, in welche Bestandteile die Zeichenkette "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"mit Benutzernamen und Domain bei der Auswertung zerlegt werden soll. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»Domain« kann entweder dem Domain-Namen der SSSD-Konfiguration oder im Fall "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"vertrauenswürdiger IPA-Subdomains und Active-Directory-Domains dem flachen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(NetBIOS-) Namen der Domain entsprechen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"P<name>[^@\\\\]+)$))</quote> which allows three different styles for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung für den AD- oder IPA-Anbieter: »(((?P<Domain>[^\\\\]+)\\"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\\(?P<Name>.+$))|((?P<Name>[^@]+)@(?P<Domain>.+$))|(^(?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"P<Name>[^@\\\\]+)$))« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "username"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Benutzername"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "username@domain.name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Benutzername@Domain.Name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "domain\\username"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Domain\\Benutzername"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"While the first two correspond to the general default the third one is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"introduced to allow easy integration of users from Windows domains."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Während die ersten beiden der allgemeinen Voreinstellung entsprechen, wurde "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die dritte eingeführt, um eine einfache Eingliederung von Benutzern aus "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Windows-Domains zu ermöglichen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"which translates to \"the name is everything up to the <quote>@</quote> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sign, the domain everything after that\""
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: »(?P<Name>[^@]+)@?(?P<Domain>[^@]*$)«, was "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bedeutet »der Name ist alles bis zum »@«-Zeichen, die Domain alles danach«"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"PLEASE NOTE: the support for non-unique named subpatterns is not available "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"on all platforms (e.g. RHEL5 and SLES10). Only platforms with libpcre "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"version 7 or higher can support non-unique named subpatterns."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"BITTE BEACHTEN SIE: Die Unterstützung für nicht eindeutig benannte "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Musterteile ist nicht auf allen Plattformen (z.B. RHEL5 und SLES10) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"vorhanden. Nur Plattformen mit Libpcre Version 7 oder höher können nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eindeutig benannte Musterteile unterstützen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"P<name>) to label subpatterns."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"BITTE BEACHTEN SIE AUCH: Ältere Versionen von Libpcre unterstützen für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beschriftungsmusterteile nur die Python-Syntax (?P<Name>)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: <quote>%1$s@%2$s</quote>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: »%1$s@%2$s«"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "lookup_family_order (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "lookup_family_order (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Provides the ability to select preferred address family to use when "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"performing DNS lookups."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ermöglicht es, die bei DNS-Abfragen zu bevorzugende Adressfamilie zu wählen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Supported values:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "unterstützte Werte:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ipv4_first: versucht die IPv4- und, falls dies fehlschlägt, die IPv6-Adresse "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nachzuschlagen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipv4_only: versucht, nur Rechnernamen zu IPv4-Adressen aufzulösen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ipv6_first: versucht die IPv6- und, falls dies fehlschlägt, die IPv4-Adresse "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nachzuschlagen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipv6_only: versucht, nur Rechnernamen zu IPv6-Adressen aufzulösen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: ipv4_first"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: ipv4_first"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "dns_resolver_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "dns_resolver_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "resolver before assuming that it is unreachable. If this timeout is "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "reached, the domain will continue to operate in offline mode."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Defines the amount of time (in seconds) to wait for a reply from the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"internal fail over service before assuming that the service is unreachable. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"If this timeout is reached, the domain will continue to operate in offline "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"definiert die Zeit (in Sekunden), die auf eine Antwort vom DNS-Resolver "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gewartet werden soll, bevor davon ausgegangen wird, dass er nicht erreichbar "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ist. Falls diese Zeitüberschreitung auftritt, wird die Domain weiterhin im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Offline-Modus arbeiten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Please see the section <quote>FAILOVER</quote> for more information about "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the service resolution."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd.conf.5.xml:2679 sssd-ldap.5.xml:1396 sssd-ldap.5.xml:1438
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 6"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 6"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "dns_discovery_domain (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "dns_discovery_domain (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If service discovery is used in the back end, specifies the domain part of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the service discovery DNS query."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls die Dienstsuche im Backend benutzt wird, gibt dies den Domain-Teil der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"DNS-Dienstabfrage an."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: Use the domain part of machine's hostname"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: Der Domain-Teil des Rechnernamens wird benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "override_gid (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "override_gid (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Override the primary GID value with the one specified."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "überschreibt die Haupt-GID mit der angegebenen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "case_sensitive (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Case sensitive. This value is invalid for AD provider."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "False"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Case insensitive."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Preserving"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Same as False (case insensitive), but does not lowercase names in the result "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"of NSS operations. Note that name aliases (and in case of services also "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"protocol names) are still lowercased in the output."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Treat user and group names as case sensitive. At the moment, this option is "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"not supported in the local provider. Possible option values are: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: True (False for AD provider)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "subdomain_inherit (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Specifies a list of configuration parameters that should be inherited by a "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"subdomain. Please note that only selected parameters can be inherited. "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Currently the following options can be inherited:"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ignore_group_members"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_purge_cache_timeout"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_use_tokengroups"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "ldap_use_tokengroups"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_user_principal"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"is not set explicitly)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"subdomain_inherit = ldap_purge_cache_timeout\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Note: This option only works with the IPA and AD provider."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "subdomain_homedir (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "subdomain_homedir (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "flat (NetBIOS) name of a subdomain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "flacher (NetBIOS-) Name einer Subdomain"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Use this homedir as default value for all subdomains within this domain in "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"possible values. In addition to those, the expansion below can only be used "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"\"variablelist\" id=\"0\"/>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Dieses Home-Verzeichnis wird als Vorgabewert für alle Subdomains innerhalb "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"dieser Domain im IPA-AD-Trust verwendet. In <emphasis>override_homedir</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"emphasis> finden Sie Informationen zu möglichen Werten. Außerdem kann die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"nachfolgende Expansion nur mit <emphasis>subdomain_homedir</emphasis> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verwendet werden. <placeholder type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The value can be overridden by <emphasis>override_homedir</emphasis> option."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der Wert kann mit der Option <emphasis>override_homedir</emphasis> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"überschrieben werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: <filename>/home/%d/%u</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: <filename>/home/%d/%u</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "realmd_tags (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "realmd_tags (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Various tags stored by the realmd configuration service for this domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verschiedene vom Konfigurationsdienst »realmd« für diese Domain gespeicherte "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Kennzeichnungen"
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozekmsgid "cached_auth_timeout (int)"
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"Specifies time in seconds since last successful online authentication for "
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"which user will be authenticated using cached credentials while SSSD is in "
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"the online mode."
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozekmsgid "Special value 0 implies that this feature is disabled."
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"Please note that if <quote>cached_auth_timeout</quote> is longer than "
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"<quote>pam_id_timeout</quote> then the back end could be called to handle "
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek"<quote>initgroups.</quote>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "autofs_provider (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "auto_private_groups (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "autofs_provider (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"If this option is enabled, SSSD will automatically create user private "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"groups based on user's UID number. The GID number is ignored in this case."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"For POSIX subdomains, setting the option in the main domain is inherited in "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"the subdomain."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"For ID-mapping subdomains, auto_private_groups is already enabled for the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"subdomains and setting it to false will not have any effect for the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"NOTE: Because the GID number and the user private group are inferred from "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"the UID number, it is not supported to have multiple entries with the same "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"UID or GID number with this option. In other words, enabling this option "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"enforces uniqueness across the ID space."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"These configuration options can be present in a domain configuration "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Konfigurationsoptionen können in einem Abschnitt einer Domain-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration vorhanden sein, das heißt, in einem Abschnitt namens "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>[domain/<replaceable>NAME</replaceable>]</quote> <placeholder type="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "proxy_pam_target (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "proxy_pam_target (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The proxy target PAM proxies to."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das Proxy-Ziel, an das PAM weiterleitet"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: not set by default, you have to take an existing pam configuration "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"or create a new one and add the service name here."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: standardmäßig nicht gesetzt, Sie müssen eine bestehende PAM-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration nehmen oder eine neue erstellen und hier den Dienstnamen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "proxy_lib_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "proxy_lib_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The name of the NSS library to use in proxy domains. The NSS functions "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"searched for in the library are in the form of _nss_$(libName)_$(function), "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"for example _nss_files_getpwent."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Name der NSS-Bibliothek, der für die Proxy-Domains benutzt werden soll. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die in der NSS-Funktionen gesuchten Funktionen haben die Form »_nss_"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"$(libName)_$(function)«, zum Beispiel »_nss_files_getpwent«."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "proxy_fast_alias (boolean)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgstr "proxy_fast_alias (Boolesch)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"When a user or group is looked up by name in the proxy provider, a second "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"lookup by ID is performed to \"canonicalize\" the name in case the requested "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"name was an alias. Setting this option to true would cause the SSSD to "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"perform the ID lookup from cache for performance reasons."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Wenn ein Benutzer oder eine Gruppe anhand des Namen im Anbieter »proxy« "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"nachgeschlagen wird, wird zusätzlich auch die ID aufgelöst. So wird der Name "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"für den Fall, dass er ein Alias ist, in eine »kanonische« Form gebracht. "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Diese Option auf »True« zu setzen würde SSSD aus Leistungsgründen dazu "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"veranlassen, die ID im Zwischenspeicher nachzuschlagen."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "proxy_max_children (integer)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This option specifies the number of pre-forked proxy children. It is useful "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"for high-load SSSD environments where sssd may run out of available child "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"slots, which would cause some issues due to the requests being queued."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gültige Optionen für Proxy-Domains. <placeholder type=\"variablelist\" id="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Application domains"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"applications as a gateway to an LDAP directory where users and groups are "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"stored. However, contrary to the traditional SSSD deployment where all users "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"and groups either have POSIX attributes or those attributes can be inferred "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"from the Windows SIDs, in many cases the users and groups in the application "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"support scenario have no POSIX attributes. Instead of setting a "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"administrator can set up an <quote>[application/<replaceable>NAME</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"replaceable>]</quote> section that internally represents a domain with type "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>application</quote> optionally inherits settings from a tradition "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"SSSD domain."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Please note that the application domain must still be explicitly enabled in "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the <quote>domains</quote> parameter so that the lookup order between the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"application domain and its POSIX sibling domain is set correctly."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Application domain parameters"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "inherit_from (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The SSSD POSIX-type domain the application domain inherits all settings "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"from. The application domain can moreover add its own settings to the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"application settings that augment or override the <quote>sibling</quote> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"domain settings."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The following example illustrates the use of an application domain. In this "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"setup, the POSIX domain is connected to an LDAP server and is used by the OS "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"through the NSS responder. In addition, the application domain also requests "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the telephoneNumber attribute, stores it as the phone attribute in the cache "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"and makes the phone attribute reachable through the D-Bus interface."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"domains = appdom, posixdom\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"user_attributes = +phone\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"id_provider = ldap\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ldap_uri = ldap://ldap.example.com\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ldap_search_base = dc=example,dc=com\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"inherit_from = posixdom\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ldap_user_extra_attrs = phone:telephoneNumber\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The local domain section"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Der Abschnitt lokale Domain"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This section contains settings for domain that stores users and groups in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD native database, that is, a domain that uses "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>id_provider=local</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dieser Abschnitt enthält Einstellungen für Domains, die Benutzer und Gruppen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ein einer nativen SSSD-Datenbank speichern, das heißt eine Domain, die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>ID_Anbieter=lokal</replaceable> benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "default_shell (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "default_shell (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The default shell for users created with SSSD userspace tools."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Standard-Shell für Anwender, die mit den SSSD-Werkzeugen für den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzerbereich erstellt wurde."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: <filename>/bin/bash</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: <filename>/bin/bash</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "base_directory (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "base_directory (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The tools append the login name to <replaceable>base_directory</replaceable> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"and use that as the home directory."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Werkzeuge hängen den Anmeldenamen an das <replaceable>Basisverzeichnis</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> und benutzen dies als Home-Verzeichnis."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: <filename>/home</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: <filename>/home</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "create_homedir (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "create_homedir (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Indicate if a home directory should be created by default for new users. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Can be overridden on command line."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, ob standardmäßig ein Home-Verzeichnis für neue Benutzer erstellt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden soll; kann auf der Befehlszeile überschrieben werden"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: TRUE"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: TRUE"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "remove_homedir (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "remove_homedir (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Indicate if a home directory should be removed by default for deleted "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"users. Can be overridden on command line."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, ob das Home-Verzeichnis für gelöschte Benutzer standardmäßig "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"entfernt werden soll; kann auf der Befehlszeile überschrieben werden"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "homedir_umask (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "homedir_umask (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"on a newly created home directory."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird von <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>8</manvolnum> </citerefentry> benutzt, um die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 077"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 077"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "skel_dir (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "skel_dir (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The skeleton directory, which contains files and directories to be copied in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the user's home directory, when the home directory is created by "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Verzeichnisvorlage, die Dateien und Verzeichnisse enthält, die in das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Home-Verzeichnis des Benutzers kopiert werden, wenn das Home-Verzeichnis "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"durch <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>8</manvolnum> </citerefentry> erstellt wird"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: <filename>/etc/skel</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: <filename>/etc/skel</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "mail_dir (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "mail_dir (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The mail spool directory. This is needed to manipulate the mailbox when its "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"corresponding user account is modified or deleted. If not specified, a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"default value is used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das Spool-Verzeichnis für E-Mails. Dies wird benötigt, um die Mailbox zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manipulieren, wenn das zugehörige Benutzerkonto verändert oder gelöscht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wurde. Ist dies nicht angegeben wird ein Standardwert verwendet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: <filename>/var/mail</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: <filename>/var/mail</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "userdel_cmd (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "userdel_cmd (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The command that is run after a user is removed. The command us passed the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"username of the user being removed as the first and only parameter. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"return code of the command is not taken into account."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Befehl, der nach dem Entfernen eines Benutzers ausgeführt wird. Dem "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Befehl wird als erster und einziger Parameter der Benutzername des Anwenders "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"übergeben, der entfernt wird. Der Rückgabewert des Befehls wird nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"berücksichtigt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: None, no command is run"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: keine, es wird kein Befehl ausgeführt"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "TRUSTED DOMAIN SECTION"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"Some options used in the domain section can also be used in the trusted "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"domain section, that is, in a section called <quote>[domain/"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"domain. Please refer to examples below for explanation. Currently supported "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"options in the trusted domain section are:"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_user_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_group_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_netgroup_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ldap_service_search_base,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ad_server,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "ad_backup_server,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "ad_site,"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "use_fully_qualified_names"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"For more details about these options see their individual description in the "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"manual page."
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "EXAMPLES"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domains = LDAP\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"services = nss, pam\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"config_file_version = 2\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filter_groups = root\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filter_users = root\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"id_provider = ldap\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_uri = ldap://ldap.example.com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_search_base = dc=example,dc=com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auth_provider = krb5\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"krb5_realm = EXAMPLE.COM\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"cache_credentials = true\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"min_id = 10000\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"max_id = 20000\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enumerate = False\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domains = LDAP\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"services = nss, pam\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"config_file_version = 2\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filter_groups = root\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filter_users = root\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"id_provider = ldap\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_uri = ldap://ldap.example.com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_search_base = dc=example,dc=com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auth_provider = krb5\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"krb5_realm = EXAMPLE.COM\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"cache_credentials = true\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"min_id = 10000\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"max_id = 20000\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enumerate = False\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "The following example shows a typical SSSD config. It does not describe "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "configuration of the domains themselves - refer to documentation on "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "configuring domains for more details. <placeholder type=\"programlisting"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"1. The following example shows a typical SSSD config. It does not describe "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"configuration of the domains themselves - refer to documentation on "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"configuring domains for more details. <placeholder type=\"programlisting\" "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das folgende Beispiel zeigt eine typische SSSD-Konfiguration. Sie beschreibt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nicht die Konfiguration der Domains selbst – weitere Einzelheiten finden Sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in der Dokumentation zum Konfigurieren von Domains. <placeholder type="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"programlisting\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"use_fully_qualified_names = false\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"2. The following example shows configuration of IPA AD trust where the AD "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"forest consists of two domains in a parent-child structure. Suppose IPA "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"domain (ipa.com) has trust with AD domain(ad.com). ad.com has child domain "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"(child.ad.com). To enable shortnames in the child domain the following "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sssd-ldap"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sssd-ldap"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "SSSD LDAP provider"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "SSSD LDAP-Anbieter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This manual page describes the configuration of LDAP domains for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> manual page for detailed syntax information."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Handbuchseite beschreibt die Konfiguration von LDAP-Domains für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"</citerefentry>. Detaillierte Syntax-Informationen finden Sie im Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "You can configure SSSD to use more than one LDAP domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Sie können SSSD so konfigurieren, dass es mehr als eine LDAP-Domain benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP back end supports id, auth, access and chpass providers. If you want to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"authenticate against an LDAP server either TLS/SSL or LDAPS is required. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"over an unencrypted channel. If the LDAP server is used only as an identity "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provider, an encrypted channel is not needed. Please refer to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ldap_access_filter</quote> config option for more information about "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"using LDAP as an access provider."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das LDAP-Backend unterstützt ID-, Authentifizierungs-, Zugriffs- und Chpass-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anbieter. Falls Sie sich bei einem LDAP-Server authentifizieren möchten, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird entweder TLS/SSL oder LDAPS benötigt. <command>sssd</command> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unterstützt <emphasis>keine</emphasis> Authentifizierung über einen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unverschlüsselten Kanal. Falls der LDAP-Server nur als Identitätsanbieter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt wird, wird kein verschlüsselter Kanal benötigt. Weitere "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informationen über die Verwendung von LDAP als Zugriffsanbieter finden Sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unter »ldap_access_filter«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:49 sssd-simple.5.xml:69 sssd-ipa.5.xml:81 sssd-ad.5.xml:112
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#: sssd-krb5.5.xml:63 sssd-ifp.5.xml:44 sssd-files.5.xml:57
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-secrets.5.xml:120 sssd-session-recording.5.xml:58 sssd-kcm.8.xml:139
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "CONFIGURATION OPTIONS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "KONFIGURATIONSOPTIONEN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_uri, ldap_backup_uri (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_uri, ldap_backup_uri (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"should connect in the order of preference. Refer to the <quote>FAILOVER</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"quote> section for more information on failover and server redundancy. If "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"neither option is specified, service discovery is enabled. For more "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"gibt eine durch Kommata getrennte Liste der LDAP-Server-URIs in der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Reihenfolge an, in der sich SSSD mit ihnen verbinden soll. Weitere "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informationen über Ausfallsicherung und Redundanz finden Sie im Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»AUSFALLSICHERUNG«. Falls keine Option angegeben wurde, wird die Dienstsuche "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"aktiviert. Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The format of the URI must match the format defined in RFC 2732:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das Format der URI muss dem in RFC 2732 definierten Format entsprechen:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap[s]://<host>[:port]"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap[s]://<Rechner>[:Port]"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For explicit IPv6 addresses, <host> must be enclosed in brackets []"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn Sie explizit IPv6-Adressen verwenden möchten, muss <Rechner> in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eckigen Klammern [] stehen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "example: ldap://[fc00::126:25]:389"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Beispiel: ldap://[fc00::126:25]:389"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_chpass_uri, ldap_chpass_backup_uri (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"should connect in the order of preference to change the password of a user. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Refer to the <quote>FAILOVER</quote> section for more information on "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"failover and server redundancy."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"gibt eine durch Kommata getrennte Liste von URIs der LDAP-Server an, mit "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"denen SSSD sich in dieser Reihenfolge verbinden soll, um das Passwort eines "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzers zu ändern. Weitere Informationen über Ausfallsicherung und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Redundanz finden Sie im Abschnitt »AUSFALLSICHERUNG«. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "To enable service discovery ldap_chpass_dns_service_name must be set."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Um die Dienstsuche zu aktivieren, muss »ldap_chpass_dns_service_name« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gesetzt sein."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: empty, i.e. ldap_uri is used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: leer, d.h., dass »ldap_uri« benutzt wird"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The default base DN to use for performing LDAP user operations."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Standardbasis-Domain-Name, der zur Durchführung von LDAP-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzeraktionen benutzt wird"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beginnend mit SSSD 1.7.0 unterstützt SSSD mehrere Suchgrundlagen mittels der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"search_base[?Gültigkeitsbereich?[Filter][?search_base?Gültigkeitsbereich?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der Gültigkeitsbereich kann entweder »base«, »onelevel« oder »subtree« sein."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-ldap.5.xml:122 include/ldap_search_bases.xml:18
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The filter must be a valid LDAP search filter as specified by http://www."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der Filter muss ein gültiger LDAP-Suchfilter, wie durch http://www.ietf.org/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"rfc/rfc2254.txt spezifiziert, sein."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:126 sssd-ldap.5.xml:662 sssd-ad.5.xml:283
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: sss_override.8.xml:137 sss_override.8.xml:234
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Examples:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Beispiele:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_search_base = dc=example,dc=com (which is equivalent to) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_search_base = dc=example,dc=com?subtree?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_search_base = dc=example,dc=com (dies entspricht) ldap_search_base = "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dc=example,dc=com?subtree?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(host=thishost)?dc=example.com?subtree?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_search_base = cn=host_specific,dc=Beispiel,dc=com?Unterverzeichnis?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(host=Dieser_Rechner)?dc=example.com?Unterverzeichnis?"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Note: It is unsupported to have multiple search bases which reference "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"identically-named objects (for example, groups with the same name in two "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"different search bases). This will lead to unpredictable behavior on client "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Hinweis: Mehrere Suchgrundlagen, die sich auf Objekte mit gleichem Namen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beziehen, werden nicht unterstützt (zum Beispiel Gruppen mit demselben Namen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in zwei unterschiedlichen Suchgrundlagen). Dies wird zu unvorhersehbarem "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verhalten auf Client-Rechnern führen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: If not set, the value of the defaultNamingContext or namingContexts "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"attribute from the RootDSE of the LDAP server is used. If "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"defaultNamingContext does not exist or has an empty value namingContexts is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"used. The namingContexts attribute must have a single value with the DN of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the search base of the LDAP server to make this work. Multiple values are "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"are not supported."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: Falls nicht gesetzt, wird der Wert der Attribute "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»defaultNamingContext« oder »namingContexts« vom RootDSE des LDAP-Servers "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt. Falls »defaultNamingContext« nicht existiert oder ihr Wert leer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ist, wird »namingContexts« verwendet. Das Attribut »namingContexts« muss "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einen einzelnen Wert mit dem Domain-Namen der Suchgrundlage des LDAP-Servers "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"haben, damit dies funktioniert. Mehrere Werte werden nicht unterstützt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_schema (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_schema (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the Schema Type in use on the target LDAP server. Depending on "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the selected schema, the default attribute names retrieved from the servers "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"may vary. The way that some attributes are handled may also differ."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Schematyp an, der gerade auf dem Ziel-LDAP-Server benutzt wird. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abhängig vom ausgewählten Schema können sich die von den Servern geholten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Standardattributnamen stark unterscheiden. Die Art, wie einige Attribute "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gehandhabt werden, kann sich ebenfalls unterscheiden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Four schema types are currently supported:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Derzeit werden vier Schematypen unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "rfc2307"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "rfc2307"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "rfc2307bis"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "rfc2307bis"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The main difference between these schema types is how group memberships are "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"recorded in the server. With rfc2307, group members are listed by name in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"group members are listed by DN and stored in the <emphasis>member</emphasis> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"attribute. The AD schema type sets the attributes to correspond with Active "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Directory 2008r2 values."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der Hauptunterschied zwischen diesen Schematypen besteht darin, wie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Gruppenmitgliedschaften auf dem Server aufgezeichnet werden. Mit »rfc2307« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden Gruppenmitglieder nach Namen im Attribut <emphasis>memberUid</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> aufgeführt. Mit »rfc2307bis« bis »IPA« werden die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Gruppenmitglieder nach Domain-Namen aufgeführt und im Attribut "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>member</emphasis> gespeichert. Der Schematyp »AD« setzt die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Attribute passend zu den Werten von Active Directory 2008r2."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: rfc2307"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: rfc2307"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_default_bind_dn (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_default_bind_dn (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The default bind DN to use for performing LDAP operations."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Standard-Bind-Domain-Name, der zum Durchführen von LDAP-Aktionen benutzt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_default_authtok_type (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_default_authtok_type (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The type of the authentication token of the default bind DN."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "der Typ des Authentifizierungs-Tokens des Standard-Bind-Domain-Namens"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The two mechanisms currently supported are:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Die beiden derzeit unterstützten Mechanismen sind:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "password"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "password"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "obfuscated_password"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "obfuscated_password"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: password"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: password"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_default_authtok (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_default_authtok (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The authentication token of the default bind DN. Only clear text passwords "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"are currently supported."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das Authentifizierungs-Token des Standard-Bind-Domain-Namens. Derzeit werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nur Klartextpasswörter unterstützt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_object_class (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_object_class (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The object class of a user entry in LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "die Objektklasse eines Benutzereintrags in LDAP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: posixAccount"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: posixAccount"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the user's login name."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das zum Anmeldenamen des Benutzers gehört"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_uid_number (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_uid_number (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the user's id."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das zu der ID des Benutzers gehört"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: uidNumber"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: uidNumber"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_gid_number (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_gid_number (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the user's primary group id."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das zu der Hauptgruppen-ID des Benutzers gehört"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: gidNumber"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: gidNumber"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "ldap_user_primary_group (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Active Directory primary group attribute for ID-mapping. Note that this "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"attribute should only be set manually if you are running the <quote>ldap</"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"quote> provider with ID mapping."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: unset (LDAP), primaryGroupID (AD)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_gecos (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_gecos (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the user's gecos field."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das zum Gecos-Feld des Benutzers gehört"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: gecos"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: gecos"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_home_directory (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_home_directory (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that contains the name of the user's home directory."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das den Namen des Home-Verzeichnisses des Benutzers "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: homeDirectory"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "Voreinstellung: homeDirectory"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_shell (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_shell (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that contains the path to the user's default shell."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das den Pfad zur Standard-Shell des Benutzers enthält"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: loginShell"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: loginShell"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "ldap_user_uuid (string)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "The LDAP attribute that contains the UUID/GUID of an LDAP user object."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_objectsid (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_objectsid (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that contains the objectSID of an LDAP user object. This "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"is usually only necessary for ActiveDirectory servers."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das die objectSID eines LDAP-Benutzerobjekts enthält. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dies wird normalerweise nur für Active-Directory-Server benötigt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "Default: objectSid for ActiveDirectory, not set for other servers."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_modify_timestamp (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_modify_timestamp (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:389 sssd-ldap.5.xml:980 sssd-ldap.5.xml:1203
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that contains timestamp of the last modification of the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"parent object."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das den Zeitstempel der letzten Änderung im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"übergeordneten Objekt enthält"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:393 sssd-ldap.5.xml:984 sssd-ldap.5.xml:1210
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: modifyTimestamp"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: modifyTimestamp"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_shadow_last_change (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_shadow_last_change (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the last password change)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> (Datum der letzten Passwortänderung) gehört."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: shadowLastChange"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: shadowLastChange"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_shadow_min (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_shadow_min (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"password age)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> (Mindestpasswortalter) gehört."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: shadowMin"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: shadowMin"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_shadow_max (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_shadow_max (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"password age)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> (maximales Passwortalter) gehört."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: shadowMax"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: shadowMax"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_shadow_warning (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_shadow_warning (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(password warning period)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> (Passwortwarnperiode) gehört."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: shadowWarning"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: shadowWarning"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_shadow_inactive (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_shadow_inactive (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(password inactivity period)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> (Passwortinaktivitätsperiode) gehört."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: shadowInactive"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: shadowInactive"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_shadow_expire (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_shadow_expire (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"parameter contains the name of an LDAP attribute corresponding to its "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> counterpart (account expiration date)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_pwd_policy=shadow« benutzt wird, enthält dieser Parameter den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Namen eines LDAP-Attributs, das zum entsprechenden Gegenstück von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> (Ablaufdatum des Kontos) gehört."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: shadowExpire"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: shadowExpire"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_krb_last_pwd_change (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_krb_last_pwd_change (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"an LDAP attribute storing the date and time of last password change in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_pwd_policy=mit_kerberos« benutzt wird, enthält dieser Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"den Namen eines LDAP-Attributs, in dem Datum und Zeit der letzten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Passwortänderung in Kerberos gespeichert sind."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: krbLastPwdChange"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: krbLastPwdChange"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_krb_password_expiration (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_krb_password_expiration (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"an LDAP attribute storing the date and time when current password expires."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_pwd_policy=mit_kerberos« benutzt wird, enthält dieser Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"den Namen eines LDAP-Attributs, welches das Datum und die Zeit enthält, wann "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das aktuelle Passwort erlischt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: krbPasswordExpiration"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: krbPasswordExpiration"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_ad_account_expires (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_ad_account_expires (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_account_expire_policy=ad, this parameter contains the name "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of an LDAP attribute storing the expiration time of the account."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_account_expire_policy=ad« benutzt wird, enthält dieser Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"den Namen eines LDAP-Attributs, in dem die Zeit gespeichert ist, wann das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konto erlischt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: accountExpires"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: accountExpires"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_ad_user_account_control (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_ad_user_account_control (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_account_expire_policy=ad, this parameter contains the name "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of an LDAP attribute storing the user account control bit field."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_account_expire_policy=ad« benutzt wird, enthält dieser Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"den Namen eines LDAP-Attributs, in dem das Steuer-Bit-Feld des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzerkontos gespeichert ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: userAccountControl"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: userAccountControl"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_ns_account_lock (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_ns_account_lock (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"determines if access is allowed or not."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_account_expire_policy=rhds« oder Entsprechendes benutzt wird, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"legt dieser Parameter fest, ob Zugriff gewährt wird oder nicht."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: nsAccountLock"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nsAccountLock"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_nds_login_disabled (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_nds_login_disabled (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_account_expire_policy=nds, this attribute determines if "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access is allowed or not."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieses Attribut "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"fest, ob Zugriff gewährt wird oder nicht."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: loginDisabled"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: loginDisabled"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_nds_login_expiration_time (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_nds_login_expiration_time (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_account_expire_policy=nds, this attribute determines until "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"which date access is granted."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieser Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"fest, bis zu welchem Datum Zugriff gewährt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_nds_login_allowed_time_map (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_nds_login_allowed_time_map (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using ldap_account_expire_policy=nds, this attribute determines the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"hours of a day in a week when access is granted."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn »ldap_account_expire_policy=nds« benutzt wird, legt dieses Attribut die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Stunden eines Wochentages fest, in denen Zugriff gewährt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: loginAllowedTimeMap"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: loginAllowedTimeMap"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_principal (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_principal (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that contains the user's Kerberos User Principal Name "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das den Kerberos User Principal Name (UPN/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Hauptbenutzername) enthält."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: krbPrincipalName"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: krbPrincipalName"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_user_extra_attrs (string)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ldap_user_extra_attrs (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"usual set of user attributes."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Durch Kommata getrennte Liste der LDAP-Attribute, die SSSD zusammen mit den "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"üblichen Benutzerattributen holen soll."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The list can either contain LDAP attribute names only, or colon-separated "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"LDAP attribute name is specified, the attribute is saved to the cache "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"verbatim. Using a custom SSSD attribute name might be required by "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"environments that configure several SSSD domains with different LDAP schemas."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die Liste kann entweder nur Namen von LDAP-Attributen enthalten, oder durch "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Doppelpunkte getrennte Tupel aus Attributnamen des SSSD-Zwischenspeichers "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"und Namen von LDAP-Attributen. Wenn nur die Namen von LDAP-Attributen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"angegeben werden, wird das Attribut unverändert im Zwischenspeicher "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"gespeichert. Die Verwendung eines benutzerdefinierten SSSD-Attributnamens "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"kann in Umgebungen notwendig sein, in denen mehrere SSSD-Domains mit "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"unterschiedlichen LDAP-Schemata eingerichtet sind."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Please note that several attribute names are reserved by SSSD, notably the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>name</quote> attribute. SSSD would report an error if any of the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"reserved attribute names is used as an extra attribute name."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Bitte beachten Sie, dass diverse Attributnamen durch SSSD reserviert sind, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"beispielsweise das Attribut <quote>name</quote>. SSSD würde einen Fehler "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"melden, falls eines der reservierten Attribute als zusätzlicher Attributname "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verwendet wird."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_user_extra_attrs = telephoneNumber"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ldap_user_extra_attrs = telephoneNumber"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote>telephoneNumber</quote> to the cache."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Speichert das Attribut <quote>telephoneNumber</quote> von LDAP als "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>telephoneNumber</quote> im Zwischenspeicher."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_user_extra_attrs = phone:telephoneNumber"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ldap_user_extra_attrs = phone:telephoneNumber"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"quote> to the cache."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Speichert das Attribut <quote>telephoneNumber</quote> von LDAP als "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>phone</quote> im Zwischenspeicher."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_user_ssh_public_key (string)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "ldap_user_ssh_public_key (Zeichenkette)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "The LDAP attribute that contains the user's SSH public keys."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"das LDAP-Attribut, das die öffentlichen SSH-Schlüssel des Benutzers enthält"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: sshPublicKey"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_force_upper_case_realm (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_force_upper_case_realm (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Some directory servers, for example Active Directory, might deliver the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"realm part of the UPN in lower case, which might cause the authentication to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"fail. Set this option to a non-zero value if you want to use an upper-case "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Einige Verzeichnisserver, zum Beispiel Active Directory, könnten den Realm-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Teil der UPN in Kleinbuchstaben liefern, was zum Scheitern der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentifizierung führen kann. Setzen Sie diese Option auf einen Wert "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ungleich Null, falls Sie einen Realm in Großbuchstaben wünschen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_enumeration_refresh_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_enumeration_refresh_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies how many seconds SSSD has to wait before refreshing its cache of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enumerated records."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, wie viele Sekunden lang SSSD warten soll, bevor es seinen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zwischenspeicher aufgezählter Datensätze aktualisiert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_purge_cache_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_purge_cache_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Determine how often to check the cache for inactive entries (such as groups "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"with no members and users who have never logged in) and remove them to save "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmt, wie oft der Zwischenspeicher auf inaktive Einträge überprüft wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(wie Gruppen ohne Mitglieder und Benutzer, die sich noch nie angemeldet "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"haben) und diese entfernt werden, um Platz zu sparen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Setting this option to zero will disable the cache cleanup operation. Please "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"note that if enumeration is enabled, the cleanup task is required in order "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"to detect entries removed from the server and can't be disabled. By default, "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"the cleanup task will run every 3 hours with enumeration enabled."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_fullname (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_fullname (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the user's full name."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:759 sssd-ldap.5.xml:1161 sssd-ldap.5.xml:1235
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1344 sssd-ldap.5.xml:2394 sssd-ipa.5.xml:607
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: cn"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: cn"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_member_of (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_member_of (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that lists the user's group memberships."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das die Gruppenmitgliedschaften des Benutzers aufführt"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: memberOf"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: memberOf"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_authorized_service (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_authorized_service (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"use the presence of the authorizedService attribute in the user's LDAP entry "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to determine access privilege."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls »access_provider=ldap« und »ldap_access_order=authorized_service« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt werden, wird SSSD die Anwesenheit das Attributs »authorizedService« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"im LDAP-Eintrag den Benutzers nutzen, um die Zugriffsrechte zu bestimmen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"explicit allow (svc) and finally for allow_all (*)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ein explizites Verweigern (»!svc«) wird zuerst aufgelöst. Als Zweites sucht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD eine explizite Erlaubnis (»svc«) und zuletzt nach »allow_all« (*)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that the ldap_access_order configuration option <emphasis>must</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> include <quote>authorized_service</quote> in order for the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_user_authorized_service option to work."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»authorized_service« enthalten <emphasis>muss</emphasis>, damit die Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_user_authorized_service« funktioniert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: authorizedService"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: authorizedService"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_authorized_host (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_authorized_host (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"presence of the host attribute in the user's LDAP entry to determine access "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls »access_provider=ldap« und »ldap_access_order=host« benutzt werden, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird SSSD die Anwesenheit das Attributs »host« im LDAP-Eintrag den Benutzers "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verwenden, um die Zugriffsrechte zu bestimmen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"An explicit deny (!host) is resolved first. Second, SSSD searches for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"explicit allow (host) and finally for allow_all (*)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ein explizites Verweigern (»!host«) wird zuerst aufgelöst. Als Zweites sucht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD eine explizite Erlaubnis (»host«) und zuletzt nach »allow_all« (*)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that the ldap_access_order configuration option <emphasis>must</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> include <quote>host</quote> in order for the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_user_authorized_host option to work."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« »host« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enthalten <emphasis>muss</emphasis>, damit die Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_user_authorized_host« funktioniert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: host"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: host"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ldap_user_authorized_host (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ldap_user_authorized_rhost (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ldap_user_authorized_host (Zeichenkette)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "presence of the host attribute in the user's LDAP entry to determine "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "access privilege."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"presence of the rhost attribute in the user's LDAP entry to determine access "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"privilege. Similarly to host verification process."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Falls »access_provider=ldap« und »ldap_access_order=host« benutzt werden, "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"wird SSSD die Anwesenheit das Attributs »host« im LDAP-Eintrag den Benutzers "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"verwenden, um die Zugriffsrechte zu bestimmen."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "explicit allow (host) and finally for allow_all (*)."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"explicit allow (rhost) and finally for allow_all (*)."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Ein explizites Verweigern (»!host«) wird zuerst aufgelöst. Als Zweites sucht "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"SSSD eine explizite Erlaubnis (»host«) und zuletzt nach »allow_all« (*)."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Please note that the ldap_access_order configuration option "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<emphasis>must</emphasis> include <quote>host</quote> in order for the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "ldap_user_authorized_host option to work."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Please note that the ldap_access_order configuration option <emphasis>must</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"emphasis> include <quote>rhost</quote> in order for the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"ldap_user_authorized_rhost option to work."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« »host« "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"enthalten <emphasis>muss</emphasis>, damit die Option "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"»ldap_user_authorized_host« funktioniert."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: host"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: rhost"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "Voreinstellung: host"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ldap_user_certificate (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Name of the LDAP attribute containing the X509 certificate of the user."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: filter"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: userCertificate;binary"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "Voreinstellung: filter"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "ldap_user_email (string)"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "Name of the LDAP attribute containing the email address of the user."
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Note: If an email address of a user conflicts with an email address or fully "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"qualified name of another user, then SSSD will not be able to serve those "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"users properly. If for some reason several users need to share the same "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"email address then set this option to a nonexistent attribute name in order "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"to disable user lookup/login by email."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "Default: mail"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_group_object_class (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_group_object_class (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The object class of a group entry in LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "die Objektklasse eines Gruppeneintrags in LDAP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: posixGroup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: posixGroup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_group_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_group_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the group name."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das dem Gruppennamen entspricht"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_group_gid_number (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_group_gid_number (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the group's id."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das der Gruppen-ID entspricht"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_group_member (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_group_member (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that contains the names of the group's members."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das die Namen der Gruppenmitglieder enthält"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: memberuid (rfc2307) / member (rfc2307bis)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "ldap_group_uuid (string)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "The LDAP attribute that contains the UUID/GUID of an LDAP group object."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_group_objectsid (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_group_objectsid (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that contains the objectSID of an LDAP group object. This "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"is usually only necessary for ActiveDirectory servers."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das die ObjectSID eines LDAP-Gruppenobjekts enthält. Dies "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird normalerweise nur für Active-Directory-Server benötigt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_group_modify_timestamp (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_group_modify_timestamp (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_group_type (integer)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ldap_group_type (Ganzzahl)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The LDAP attribute that contains an integer value indicating the type of the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"group and maybe other flags."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Das LDAP-Attribut, das einen Ganzzahlwert enthält, der den Gruppentyp und "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"eventuell weitere Flags enthält."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This attribute is currently only used by the AD provider to determine if a "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"group is a domain local groups and has to be filtered out for trusted "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Dieses Attribut wird derzeit nur vom AD-Anbieter verwendet, um zu ermitteln, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ob eine Gruppe eine lokale Domain-Gruppe ist und aus den vertrauenswürdigen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Domains herausgefiltert werden sollte."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Default: groupType in the AD provider, otherwise not set"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_group_external_member (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The LDAP attribute that references group members that are defined in an "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"external domain. At the moment, only IPA's external members are supported."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_group_nesting_level (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_group_nesting_level (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If ldap_schema is set to a schema format that supports nested groups (e.g. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"RFC2307bis), then this option controls how many levels of nesting SSSD will "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"follow. This option has no effect on the RFC2307 schema."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls »ldap_schema« auf ein Format gesetzt ist, das verschachtelte Gruppen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"(z.B. RFC2307bis) unterstützt, dann steuert diese Option, wie viele Stufen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"tief SSSD der Verschachtelung folgt. Diese Option hat keine Auswirkungen auf "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das Schema RFC2307."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Note: This option specifies the guaranteed level of nested groups to be "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"processed for any lookup. However, nested groups beyond this limit "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<emphasis>may be</emphasis> returned if previous lookups already resolved "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"the deeper nesting levels. Also, subsequent lookups for other groups may "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"enlarge the result set for original lookup if re-queried."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Hinweis: Diese Option gibt die garantierte Tiefe verschachtelter Gruppen an, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"die bei Suchvorgängen verarbeitet werden soll. Dennoch <emphasis>können</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"emphasis> auch tiefer verschachtelte Gruppen einbezogen werden, falls bei "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"früheren Suchvorgängen die tieferen Ebenen bereits einmal berücksichtigt "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"wurden. Außerdem können folgende Suchvorgänge für andere Gruppen die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Ergebnisse des ursprünglichen Suchvorgangs vergrößern, wenn die Suche erneut "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"at all. However, when connected to Active-Directory Server 2008 and later "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"using <quote>id_provider=ad</quote> it is furthermore required to disable "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"restrict group nesting."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 2"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 2"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_groups_use_matching_rule_in_chain"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_groups_use_matching_rule_in_chain"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option tells SSSD to take advantage of an Active Directory-specific "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"feature which may speed up group lookup operations on deployments with "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"complex or deep nested groups."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option teilt SSSD mit, dass es den Vorteil einer Active-Directory-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"spezifischen Funktionalität nutzen soll, die Gruppenachschlageoptionen und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bereitstellungen mit komplexen oder tief verschachtelten Gruppen zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beschleunigen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In most common cases, it is best to leave this option disabled. It generally "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"only provides a performance increase on very complex nestings."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In den meisten Fällen ist es am besten, diese Option deaktiviert zu lassen. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Normalerweise führt sie nur bei sehr komplexen Verschachtelungen zu einer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Leistungssteigerung."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If this option is enabled, SSSD will use it if it detects that the server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"supports it during initial connection. So \"True\" here essentially means "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"auto-detect\"."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls diese Option aktiviert ist und SSSD beim Verbinden feststellt, dass "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Server sie unterstützt, wird SSSD sie verwenden. Daher bedeutet hier "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»True« eigentlich »auto-detect«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Note: This feature is currently known to work only with Active Directory "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"2008 R1 and later. See <ulink url=\"http://msdn.microsoft.com/en-us/library/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"windows/desktop/aa746475%28v=vs.85%29.aspx\"> MSDN(TM) documentation</ulink> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"for more details."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Hinweis: Es ist bekannt, dass diese Funktionalität derzeit nur mit Active "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Directory 2008 R1 und neuer funktioniert. Weitere Einzelheiten finden Sie in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der <ulink url=\"http://msdn.microsoft.com/en-us/library/windows/desktop/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"aa746475%28v=vs.85%29.aspx\"> MSDN™-Dokumentation</ulink>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_initgroups_use_matching_rule_in_chain"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_initgroups_use_matching_rule_in_chain"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option tells SSSD to take advantage of an Active Directory-specific "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"feature which might speed up initgroups operations (most notably when "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dealing with complex or deep nested groups)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option teilt SSSD mit, dass es den Vorteil einer Active-Directory-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"spezifischen Funktionalität nutzen soll, die möglicherweise Initgroups-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Aktionen beschleunigt (vor allem, beim Umgang mit komplexen oder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verschachtelten Gruppen)."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"This options enables or disables use of Token-Groups attribute when "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"performing initgroup for users from Active Directory Server 2008 and later."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Diese Optionen aktivieren oder deaktivieren die Verwendung des Token-Gruppen-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Attributs, wenn »initgroup« für Benutzers des Active Directory Servers 2008 "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"und neuere Versionen ausgeführt wird."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "Default: True for AD and IPA otherwise False."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_netgroup_object_class (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_netgroup_object_class (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The object class of a netgroup entry in LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "die Objektklasse eines Netzgruppeneintrags in LDAP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "In IPA provider, ipa_netgroup_object_class should be used instead."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_object_class« benutzt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: nisNetgroup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nisNetgroup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_netgroup_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_netgroup_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the netgroup name."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das dem Netzgruppennamen entspricht"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "In IPA provider, ipa_netgroup_name should be used instead."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_name« benutzt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_netgroup_member (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_netgroup_member (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that contains the names of the netgroup's members."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das die Namen der Netzgruppenmitglieder enthält"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "In IPA provider, ipa_netgroup_member should be used instead."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beim IPA-Anbieter sollte stattdessen »ipa_netgroup_member« benutzt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: memberNisNetgroup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: memberNisNetgroup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_netgroup_triple (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_netgroup_triple (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that contains the (host, user, domain) netgroup triples."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das die Netzgruppen-Triples (Rechner, Benutzer, Domain) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "This option is not available in IPA provider."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Diese Option ist für IPA-Anbieter nicht verfügbar."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: nisNetgroupTriple"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nisNetgroupTriple"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_netgroup_modify_timestamp (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_netgroup_modify_timestamp (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_user_object_class (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_object_class (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_user_object_class (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The object class of a user entry in LDAP."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The object class of a host entry in LDAP."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "die Objektklasse eines Benutzereintrags in LDAP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: ipService"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: ipService"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ad_hostname (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_name (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ad_hostname (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that corresponds to the group name."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The LDAP attribute that corresponds to the host's name."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "das LDAP-Attribut, das dem Gruppennamen entspricht"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_sudo_hostnames (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_fqdn (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_sudo_hostnames (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that corresponds to the user's full name."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"The LDAP attribute that corresponds to the host's fully-qualified domain "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "das LDAP-Attribut, das dem vollständigen Benutzernamen entspricht"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "Default: cn"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Default: fqdn"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "Voreinstellung: cn"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_dns_service_name (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_serverhostname (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_dns_service_name (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "Default: sudoHost"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Default: serverHostname"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "Voreinstellung: sudoHost"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_user_member_of (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_member_of (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_user_member_of (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that lists the user's group memberships."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The LDAP attribute that lists the host's group memberships."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"das LDAP-Attribut, das die Gruppenmitgliedschaften des Benutzers aufführt"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ipa_host_search_base (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_search_base (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ipa_host_search_base (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Optional. Use the given string as search base for host objects."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Rechnerobjekte"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1287 sssd-ipa.5.xml:359 sssd-ipa.5.xml:378
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"See <quote>ldap_search_base</quote> for information about configuring "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"multiple search bases."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Informationen über das Konfigurieren mehrerer Suchgrundlagen finden Sie "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"unter »ldap_search_base«."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1292 sssd-ipa.5.xml:364 include/ldap_search_bases.xml:27
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "Voreinstellung: der Wert von <emphasis>ldap_search_base</emphasis>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_user_ssh_public_key (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_ssh_public_key (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_user_ssh_public_key (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that contains the user's SSH public keys."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The LDAP attribute that contains the host's SSH public keys."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"das LDAP-Attribut, das die öffentlichen SSH-Schlüssel des Benutzers enthält"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "ldap_sasl_authid (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_host_uuid (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_sasl_authid (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "The LDAP attribute that contains the port managed by this service."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The LDAP attribute that contains the UUID/GUID of an LDAP host object."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "ldap_service_object_class (string)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "ldap_service_object_class (Zeichenkette)"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "The object class of a service entry in LDAP."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "die Objektklasse eines Diensteintrags in LDAP"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_service_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_service_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that contains the name of service attributes and their "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das die Namen von Dienstattributen und ihre Alias enthält"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_service_port (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_service_port (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that contains the port managed by this service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das den von diesem Dienst verwalteten Port enthält"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: ipServicePort"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: ipServicePort"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_service_proto (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_service_proto (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that contains the protocols understood by this service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das die von diesem Dienst verstandenen Protokolle enthält"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: ipServiceProtocol"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: ipServiceProtocol"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_service_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_service_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_search_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_search_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the timeout (in seconds) that ldap searches are allowed to run "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"before they are cancelled and cached results are returned (and offline mode "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem LDAP-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Suchen laufen dürfen, bevor sie abgebrochen und die zwischengespeicherten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ergebnisse zurückgegeben werden (und in den Offline-Modus gegangen wird)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Note: this option is subject to change in future versions of the SSSD. It "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"will likely be replaced at some point by a series of timeouts for specific "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"lookup types."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Hinweis: Diese Option ist in zukünftigen Versionen von SSSD Gegenstand von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Änderungen. Sie wird wahrscheinlich an einigen Stellen durch Serien von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zeitüberschreitungspunkten für spezielle Nachschlagetypen ersetzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_enumeration_search_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_enumeration_search_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the timeout (in seconds) that ldap searches for user and group "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enumerations are allowed to run before they are cancelled and cached results "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"are returned (and offline mode is entered)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem LDAP-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Suchen nach Benutzer- und Gruppenaufzählungen laufen dürfen, bevor sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"abgebrochen und die zwischengespeicherten Ergebnisse zurückgegeben werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(und in den Offline-Modus gegangen wird)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_network_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_network_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the timeout (in seconds) after which the <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> following a <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> returns in case of no activity."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, nach dem "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"</citerefentry>/<citerefentry> <refentrytitle>select</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>2</manvolnum> </citerefentry> gefolgt von einem <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> zurückkehrt, falls keine Aktivität stattfindet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_opt_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_opt_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"will abort if no response is received. Also controls the timeout when "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"operation, password change extended operation and the StartTLS operation."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_connection_expire_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_connection_expire_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"maintained. After this time, the connection will be re-established. If used "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in parallel with SASL/GSSAPI, the sooner of the two values (this value vs. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the TGT lifetime) will be used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Zeitpunkt der Zeitüberschreitung (in Sekunden) an, bis zu dem eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verbindung zu einem LDAP-Server aufrechterhalten wird. Nach dieser Zeit wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Verbindung erneut aufgebaut. Wird dies parallel zu SASL/GSSAPI benutzt, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird der frühere der beiden Werte (dieser Wert gegenüber der TGT-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Lebensdauer) verwendet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 900 (15 minutes)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 900 (15 Minuten)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_page_size (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_page_size (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specify the number of records to retrieve from LDAP in a single request. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Some LDAP servers enforce a maximum limit per-request."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Anzahl der Datensätze an, die in einer einzelnen Anfrage von LDAP "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"empfangen werden. Einige LDAP-Server erzwingen eine Begrenzung des Maximums "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"pro Anfrage."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 1000"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 1000"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_disable_paging (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_disable_paging (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Disable the LDAP paging control. This option should be used if the LDAP "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"server reports that it supports the LDAP paging control in its RootDSE but "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"it is not enabled or does not behave properly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"deaktiviert die Seitenadressierungssteuerung von LDAP. Diese Option sollte "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt werden, falls der LDAP-Server meldet, dass er die LDAP-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Seitenadressierungssteuerung in seinem RootDSE unterstützt, sie jedoch "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"deaktiviert ist oder sich nicht ordnungsgemäß verhält."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Example: OpenLDAP servers with the paging control module installed on the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"server but not enabled will report it in the RootDSE but be unable to use it."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beispiel: OpenLDAP-Server, bei denen das Seitenadressierungssteuerungsmodul "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"installiert, aber nicht aktiviert ist, werden es im RootDSE melden, sind "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"aber nicht in der Lage, es zu benutzen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Example: 389 DS has a bug where it can only support a one paging control at "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"a time on a single connection. On busy clients, this can result in some "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"requests being denied."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beispiel: 389 DS hat einen Fehler, durch den es gleichzeitig nur eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einzige Seitenadressierungssteuerung für eine einzelne Verbindung benutzen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kann. Bei ausgelasteten Clients kann dies dazu führen, dass manche Anfragen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"abgelehnt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_disable_range_retrieval (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_disable_range_retrieval (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Disable Active Directory range retrieval."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "deaktiviert die Bereichsabfrage von Active Directory"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active Directory limits the number of members to be retrieved in a single "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"group contains more members, the reply would include an AD-specific range "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"extension. This option disables parsing of the range extension, therefore "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"large groups will appear as having no members."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active Directory begrenzt die Anzahl der Mitglieder, die in einem einzigen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Nachschlagen mittels der MaxValRange-Richtlinie empfangen werden können (die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung sind 1.500 Mitglieder). Falls eine Gruppe mehr Mitglieder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enthält, wird die Antwort eine AD-spezifische Bereichserweiterung enthalten. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option deaktiviert das Auswerten der Bereichserweiterung, daher wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"es so aussehen, als ob große Gruppen keine Mitglieder hätten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sasl_minssf (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sasl_minssf (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When communicating with an LDAP server using SASL, specify the minimum "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"security level necessary to establish the connection. The values of this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"option are defined by OpenLDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn mittels SASL mit einem LDAP-Server kommuniziert wird, gibt dies die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"mindestens nötige Sicherheitsstufe zum Herstellen der Verbindung an. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Werte dieser Option werden durch OpenLDAP definiert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: Use the system default (usually specified by ldap.conf)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: verwendet die Voreinstellungen des System (normalerweise in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_deref_threshold (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_deref_threshold (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specify the number of group members that must be missing from the internal "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"cache in order to trigger a dereference lookup. If less members are missing, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"they are looked up individually."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Anzahl der Gruppenmitglieder an, die aus dem internen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zwischenspeicher fehlen muss, um ein dereferenzierendes Nachschlagen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auszulösen. Falls weniger Mitglieder fehlen, werden sie individuell "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nachgeschlagen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"You can turn off dereference lookups completely by setting the value to 0."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Sie können dereferenzierendes Nachschlagen komplett ausschalten, indem Sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"den Wert auf 0 setzen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"A dereference lookup is a means of fetching all group members in a single "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP call. Different LDAP servers may implement different dereference "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dereferenzierendes Nachschlagen ist ein Mittel, um alle Gruppenmitglieder in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einem einzigen LDAP-Aufruf abzuholen. Verschiedene LDAP-Server können "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unterschiedliche Methoden zum Dereferenzieren implementieren. Die derzeit "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unterstützten Server sind 389/RHDS, OpenLDAP und Active Directory."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filter, then the dereference lookup performance enhancement will be disabled "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"regardless of this setting."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>Hinweis:</emphasis> Falls eine der Suchgrundlagen einen Suchfilter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"angibt, wird die Verbesserung der Leistung beim dereferenzierenden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Nachschlagen ohne Rücksicht auf die Einstellung deaktiviert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_tls_reqcert (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_tls_reqcert (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies what checks to perform on server certificates in a TLS session, if "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"any. It can be specified as one of the following values:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, welche Prüfungen von Server-Zertifikaten in einer TLS-Sitzung "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"durchgeführt werden, falls vorhanden. Dies kann in Form einer der folgenden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Werte angegeben werden:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>never</emphasis> = The client will not request or check any server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"certificate."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>never</emphasis> = Der Client wird kein Server-Zertifikat prüfen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"oder anfordern."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>allow</emphasis> = The server certificate is requested. If no "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"certificate is provided, the session proceeds normally. If a bad certificate "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"is provided, it will be ignored and the session proceeds normally."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>allow</emphasis> = Das Server-Zertifikat wird angefordert. Falls "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kein Zertifikat bereitgestellt wird, fährt die Sitzung normal fort. Falls "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ein ungültiges Zertifikat bereitgestellt wird, wird es ignoriert und die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Sitzung fährt normal fort."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>try</emphasis> = The server certificate is requested. If no "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"certificate is provided, the session proceeds normally. If a bad certificate "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"is provided, the session is immediately terminated."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>try</emphasis> = Das Server-Zertifikat wird angefordert. Falls das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zertifikat bereitgestellt wird, fährt die Sitzung normal fort. Falls ein "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ungültiges Zertifikat bereitgestellt wird, wird die Sitzung sofort beendet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>demand</emphasis> = The server certificate is requested. If no "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"certificate is provided, or a bad certificate is provided, the session is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"immediately terminated."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>demand</emphasis> = Das Server-Zertifikat wird angefordert. Falls "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kein oder ein ungültiges Zertifikat bereitgestellt wird, wird die Sitzung "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sofort beendet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>hard</emphasis> = entspricht »demand«"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: hard"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: hard"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_tls_cacert (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_tls_cacert (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the file that contains certificates for all of the Certificate "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authorities that <command>sssd</command> will recognize."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Datei an, die Zertifikate für alle Zertifizierungstellen enthält, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die <command>sssd</command> erkennen wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1641 sssd-ldap.5.xml:1659 sssd-ldap.5.xml:1700
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: use OpenLDAP defaults, typically in <filename>/etc/openldap/ldap."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"conf</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: verwendet OpenLDAP-Voreinstellungen, normalerweise aus "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<filename>/etc/openldap/ldap.conf</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_tls_cacertdir (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_tls_cacertdir (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the path of a directory that contains Certificate Authority "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"certificates in separate individual files. Typically the file names need to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"be the hash of the certificate followed by '.0'. If available, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>cacertdir_rehash</command> can be used to create the correct names."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Pfad eines Verzeichnisses an, das Zertifikate von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zertifizierungstellen in separaten individuellen Dateien enthält. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dateinamen sollen normalerweise ein Hash-Wert des Zertifikats gefolgt von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"».0« sein. Falls verfügbar, kann <command>cacertdir_rehash</command> zum "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Erstellen der korrekten Namen verwendet werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_tls_cert (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_tls_cert (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specifies the file that contains the certificate for the client's key."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Datei an, die das Zertifikat für den Schlüssel des Clients enthält."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_tls_key (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_tls_key (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specifies the file that contains the client's key."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "gibt die Datei an, die den Schlüssel des Clients enthält."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_tls_cipher_suite (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_tls_cipher_suite (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Specifies acceptable cipher suites. Typically this is a colon separated "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"list. See <citerefentry><refentrytitle>ldap.conf</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>5</manvolnum></citerefentry> for format."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_id_use_start_tls (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_id_use_start_tls (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies that the id_provider connection must also use <systemitem class="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"protocol\">tls</systemitem> to protect the channel."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, dass die Verbindung »id_provider« auch <systemitem class=\"protocol"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\">tls</systemitem> benutzen muss, um den Kanal abzusichern."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_id_mapping (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_id_mapping (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies that SSSD should attempt to map user and group IDs from the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"on ldap_user_uid_number and ldap_group_gid_number."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, dass SSSD versuchen soll, die Benutzer- und Gruppen-ID von den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Attributen »ldap_user_objectsid« und »ldap_group_objectsid« abzubilden, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"statt sich auf »ldap_user_uid_number« und »ldap_group_gid_number« zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Currently this feature supports only ActiveDirectory objectSID mapping."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Derzeit unterstützt diese Funktionalität nur das Abbilden von Active-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Directory-ObjectSIDs."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "ldap_min_id, ldap_max_id (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"set to true the allowed ID range for ldap_user_uid_number and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_group_gid_number is unbound. In a setup with sub/trusted-domains this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"can be set to restrict the allowed range for the IDs which are read directly "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"from the server. Sub-domains can then pick other ranges to map IDs."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Im Gegensatz zum SID-basierten ID-Abbilden, das benutzt wird, falls "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_id_mapping« auf »true« gesetzt ist, ist der erlaubte ID-Bereich für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_user_uid_number« und »ldap_group_gid_number« offen. In einer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration mit Unter-Domains und vertrauenswürdigen Domains könnte dies "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zu ID-Kollisionen führen. Um Kollisionen zu vermeiden, können »ldap_min_id« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und »ldap_max_id« zum Begrenzen des erlaubten Bereichs für direkt vom Server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gelesene IDs verwendet werden. Unter-Domains können dann andere Bereiche zur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abbildung von IDs wählen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: not set (both options are set to 0)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nicht gesetzt (beide Optionen sind auf 0 gesetzt)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sasl_mech (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sasl_mech (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, welcher SASL-Mechanismus benutzt werden soll. Derzeit ist nur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"GSSAPI getestet und wird unterstützt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sasl_authid (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sasl_authid (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specify the SASL authorization id to use. When GSSAPI is used, this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"represents the Kerberos principal used for authentication to the directory. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option can either contain the full principal (for example host/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"myhost@EXAMPLE.COM) or just the principal name (for example host/myhost)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, welche SASL-Berechtigungs-ID benutzt werden soll. Wenn GSSAPI "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verwendet wird, steht dies für den Kerberos-Principal, der für die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentifizierung zum Verzeichnis benutzt wird. Diese Option kann entweder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"den vollständigen Principal (zum Beispiel Rechner/MeinRechner@EXAMPLE.COM) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"oder nur den Namen des Principals (zum Beispiel Rechner/MeinRechner) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: host/hostname@REALM"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung Rechner/MeinRechner@BEREICH"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sasl_realm (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sasl_realm (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specify the SASL realm to use. When not specified, this option defaults to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"well, this option is ignored."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den SASL-Realm an, der benutzt werden soll. Wurde diese Option nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"angegeben, ist die Voreinstellung der Wert von »krb5_realm«. Falls "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_sasl_authid« ebenfalls den Realm enthält, wird diese Option ignoriert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: the value of krb5_realm."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: der Wert von »krb5_realm«"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sasl_canonicalize (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sasl_canonicalize (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If set to true, the LDAP library would perform a reverse lookup to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"canonicalize the host name during a SASL bind."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls dies auf »true« gesetzt wäre, würde die LDAP-Bibliothek ein "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"umgekehrtes Nachschlagen durchführen, um den Rechnernamen während eines SASL-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bind in eine kanonische Form zu bringen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: false;"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: false;"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_krb5_keytab (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_krb5_keytab (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specify the keytab to use when using SASL/GSSAPI."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "gibt die Keytab an, wenn SASL/GSSAPI benutzt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: System keytab, normally <filename>/etc/krb5.keytab</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: Keytab des Systems, normalerweise <filename>/etc/krb5."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"keytab</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_krb5_init_creds (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_krb5_init_creds (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies that the id_provider should init Kerberos credentials (TGT). This "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"action is performed only if SASL is used and the mechanism selected is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, dass der »id_provider« Kerberos-Anmeldedaten (TGT) initialisieren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"soll. Diese Aktion wird nur durchgeführt, falls SASL benutzt wird und der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ausgewählte Mechnaismus GSSAPI ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_krb5_ticket_lifetime (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_krb5_ticket_lifetime (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Lebensdauer eines TGT in Sekunden an, falls GSSAPI benutzt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 86400 (24 hours)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 86400 (24 Stunden)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_server, krb5_backup_server (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_server, krb5_backup_server (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the comma-separated list of IP addresses or hostnames of the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Kerberos servers to which SSSD should connect in the order of preference. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For more information on failover and server redundancy, see the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"colon) may be appended to the addresses or hostnames. If empty, service "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"discovery is enabled - for more information, refer to the <quote>SERVICE "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"DISCOVERY</quote> section."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"gibt die durch Kommata getrennte Liste von IP-Adressen bzw. Rechnernamen von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Kerberos-Servern in der Reihenfolge an, in der sich SSSD mit ihnen verbinden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"soll. Weitere Informationen über Ausfallsicherung und Redundanz finden Sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"im Abschnitt »AUSFALLSICHERUNG«. An die Adressen oder Rechnernamen kann eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optionale Portnummer (der ein Doppelpunkt vorangestellt ist) angehängt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden. Falls dies leer gelassen wurde, wird die Dienstsuche aktiviert. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Informationen finden Sie im Abschnitt »DIENSTSUCHE«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using service discovery for KDC or kpasswd servers, SSSD first searches "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"none are found."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn die Dienstsuche für Schlüsselverwaltungszentralen- (KDC) oder Kpasswd-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Server benutzt wird, durchsucht SSSD zuerst die DNS-Einträge, die_udp als "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Protokoll angeben. Falls keine gefunden werden, weicht es auf _tcp aus."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"While the legacy name is recognized for the time being, users are advised to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"migrate their config files to use <quote>krb5_server</quote> instead."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option hieß in früheren Veröffentlichungen von SSSD »krb5_kdcip«. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Obwohl der alte Name einstweilen noch in Erinnerung ist, wird Anwendern "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"geraten, ihre Konfigurationsdateien auf die Verwendung von »krb5_server« zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:1888 sssd-ipa.5.xml:428 sssd-krb5.5.xml:103
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_realm (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_realm (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specify the Kerberos REALM (for SASL/GSSAPI auth)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "gibt den Kerberos-REALM an (für SASL/GSSAPI-Authentifizierung)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: System defaults, see <filename>/etc/krb5.conf</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: Systemvoreinstellungen, siehe <filename>/etc/krb5.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_canonicalize (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_canonicalize (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies if the host principal should be canonicalized when connecting to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP server. This feature is available with MIT Kerberos >= 1.7"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, ob der Host Principal beim Verbinden mit einem LDAP-Server in eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kanonische Form gebracht werden soll. Diese Funktionalität ist mit MIT "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Kerberos >= 1.7 verfügbar."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_use_kdcinfo (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_use_kdcinfo (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"which KDCs to use. This option is on by default, if you disable it, you need "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to configure the Kerberos library using the <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> configuration file."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, ob SSSD die Kerberos-Bibliotheken anweisen soll, welcher Realm und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"welche Schlüsselverwaltungszentralen (KDCs) benutzt werden sollen. Diese "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Option ist standardmäßig eingeschaltet. Falls Sie sie ausschalten, müssen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Sie die Kerberos-Bibliothek mittels der Konfigurationsdatei "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> einrichten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"information on the locator plugin."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Informationen über die Locator-Erweiterung finden Sie auf der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Handbuchseite <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_pwd_policy (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_pwd_policy (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Select the policy to evaluate the password expiration on the client side. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The following values are allowed:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wählt das Regelwerk, anhand dessen das Client-seitige Erlöschen des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Passworts abgeschätzt werden soll. Die folgenden Werte sind erlaubt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>none</emphasis> - No evaluation on the client side. This option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"cannot disable server-side password policies."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>none</emphasis> – keine Client-seitige Abschätzung. Diese Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kann keine Server-seitigen Passwortregelwerke deaktivieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"evaluate if the password has expired."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>shadow</emphasis> – benutzt Attribute im Stil von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum></citerefentry>, um abzuschätzen, ob das Passwort erloschen ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to determine if the password has expired. Use chpass_provider=krb5 to update "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"these attributes when the password is changed."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>mit_kerberos</emphasis> – verwendet die von MIT Kerberos benutzten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Attribute, um zu bestimmen, ob das Passwort erloschen ist. Verwenden Sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»chpass_provider=krb5«, um diese Attribute zu aktualisieren, wenn das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Passwort geändert wurde."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>Note</emphasis>: if a password policy is configured on server "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"side, it always takes precedence over policy set with this option."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>Hinweis</emphasis>: Falls serverseitig eine Passwortregel "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"konfiguriert ist, hat diese stets Vorrang vor der mit dieser Option "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"festgelegten Regel."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_referrals (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_referrals (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specifies whether automatic referral chasing should be enabled."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "gibt an, ob automatische Verweisverfolgung aktiviert werden soll."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that sssd only supports referral chasing when it is compiled "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"with OpenLDAP version 2.4.13 or higher."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass SSSD nur Verweisverfolgung unterstützt, falls es "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"mit OpenLDAP Version 2.4.13 oder höher kompiliert wurde."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Chasing referrals may incur a performance penalty in environments that use "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"them heavily, a notable example is Microsoft Active Directory. If your setup "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"does not in fact require the use of referrals, setting this option to false "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"might bring a noticeable performance improvement."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verweisverfolgungen können in Umgebungen, die ausgiebig von ihnen Gebrauch "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"machen, einen Leistungsnachteil erleiden, ein beachtenswertes Beispiel ist "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Microsoft Active Directory. Falls ihre Installation Verweisverfolgungen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nicht tatsächlich benötigt, könnte diese Option auf »false« zu setzen eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"merkliche Leistungsverbesserung bringen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_dns_service_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_dns_service_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specifies the service name to use when service discovery is enabled."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, welcher Dienstname bei aktivierter Dienstsuche benutzt werden soll."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: ldap"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: ldap"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_chpass_dns_service_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_chpass_dns_service_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the service name to use to find an LDAP server which allows "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"password changes when service discovery is enabled."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Dienstnamen an, der zum Finden eines LDAP-Servers benutzt werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"soll, der Passwortänderungen bei aktivierter Dienstsuche ermöglicht."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: not set, i.e. service discovery is disabled"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nicht gesetzt, d.h. Dienstsuche ist deaktiviert"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_chpass_update_last_change (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_chpass_update_last_change (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies whether to update the ldap_user_shadow_last_change attribute with "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"days since the Epoch after a password change operation."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, ob das Attribut »ldap_user_shadow_last_change« nach einer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Passwortänderung mit Unix-Zeit geändert wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_access_filter (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_access_filter (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If using access_provider = ldap and ldap_access_order = filter (default), "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"this option is mandatory. It specifies an LDAP search filter criteria that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"must be met for the user to be granted access on this host. If "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access_provider = ldap, ldap_access_order = filter and this option is not "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"set, it will result in all users being denied access. Use access_provider = "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"permit to change this default behavior. Please note that this filter is "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"applied on the LDAP user entry only and thus filtering based on nested "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"groups may not work (e.g. memberOf attribute on AD entries points only to "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"direct parents). If filtering based on nested groups is required, please see "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manvolnum> </citerefentry>."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Falls access_provider = ldap und ldap_access_order = filter ist "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"(Voreinstellung), dann ist diese Option obligatorisch. Sie gibt ein "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Suchfilterkriterium für LDAP an, dass auf den Benutzer passen muss, damit "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"diesem Zugriff auf den Host gewährt wird. Falls access_provider = ldap und "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ldap_access_order = filter ist und diese Option nicht gesetzt ist, wird "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"allen Benutzern der Zugriff verweigert. Verwenden Sie access_provider = "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"permit, um dieses Standardverhalten zu ändern. Bitte beachten Sie, dass "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"dieser Filter nur auf den LDAP-Benutzereintrag angewendet wird und daher die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"auf verschachtelten Gruppen basierende Filterung nicht funktioniert. "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Beispielsweise zeigt das Active-Directory-Attribut »memberOf« nur auf die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"unmittelbaren Eltern. Falls die Filterung basierend auf verschachtelten "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Gruppen erforderlich sein sollte, finden Sie genauere Anweisungen in der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Handbuchseite zu <citerefentry> <refentrytitle>sssd-simple</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Example:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Beispiel:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access_provider = ldap\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"ldap_access_filter = (employeeType=admin)\n"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"access_provider = ldap\n"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ldap_access_filter = (employeeType=admin)\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This example means that access to this host is restricted to users whose "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"employeeType attribute is set to \"admin\"."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"In diesem Beispiel wird der Zugriff auf diesen Host auf jene Benutzer "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"beschränkt, deren employeeType-Attribut auf »admin« gesetzt ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Offline caching for this feature is limited to determining whether the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"user's last online login was granted access permission. If they were granted "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access during their last login, they will continue to be granted access "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"while offline and vice versa."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: Empty"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: leer"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_account_expire_policy (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_account_expire_policy (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"With this option a client side evaluation of access control attributes can "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Mit dieser Option kann eine Client-seitige Abschätzung der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zugriffssteuerungsattribute aktiviert werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that it is always recommended to use server side access control, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"i.e. the LDAP server should deny the bind request with a suitable error code "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"even if the password is correct."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass die Server-seitige Zugriffssteuerung generell "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"empfohlen wird, d.h. der LDAP-Server sollte die Bind-Abfrage sogar dann mit "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einem geeigneten Fehlercode zurückweisen, wenn das Passwort korrekt ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The following values are allowed:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Die folgenden Werte sind erlaubt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"determine if the account is expired."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>shadow</emphasis>: verwendet den Wert von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_user_shadow_expire«, um zu bestimmen, ob das Konto abgelaufen ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>ad</emphasis>: use the value of the 32bit field "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_user_ad_user_account_control and allow access if the second bit is not "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"set. If the attribute is missing access is granted. Also the expiration time "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of the account is checked."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>ad</emphasis>: verwendet den Wert des 32-Bit-Felds "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_user_ad_user_account_control« und ermöglicht den Zugriff, falls das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zweite Bit nicht gesetzt ist. Falls das Attribut fehlt, wird Zugriff "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gewährt. Außerdem wird die Ablaufzeit des Kontos geprüft."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis>: use the value of ldap_ns_account_lock to check if access is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"allowed or not."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis>: verwenden den Wert von »ldap_ns_account_lock«, um zu prüfen, ob "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zugriff erlaubt wird oder nicht."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>nds</emphasis>: the values of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If both attributes are missing access is granted."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>nds</emphasis>: Die Werte von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_user_nds_login_allowed_time_map«, »ldap_user_nds_login_disabled« und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_user_nds_login_expiration_time« werden benutzt, um zu überprüfen, ob "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zugriff gewährt wird. Falls diese Attribute fehlen, wird Zugriff erteilt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that the ldap_access_order configuration option <emphasis>must</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> include <quote>expire</quote> in order for the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_account_expire_policy option to work."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass die Konfigurationsoption »ldap_access_order« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»expire« enthalten <emphasis>muss</emphasis>, damit die Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_account_expire_policy« funktioniert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_access_order (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_access_order (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Comma separated list of access control options. Allowed values are:"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"durch Kommata getrennte Liste von Zugriffssteuerungsoptionen. Folgende Werte "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sind erlaubt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>filter</emphasis>: use ldap_access_filter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>filter</emphasis>: verwendet »ldap_access_filter«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<emphasis>lockout</emphasis>: use account locking. If set, this option "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Please note that 'access_provider = ldap' must be set for this feature to "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"quote> option and might be removed in a future release. </emphasis>"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"and has value of '000001010000Z' or represents any time in the past. The "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"denotes the UTC time zone. Other time zones are not currently supported and "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"will result in \"access-denied\" when users attempt to log in. Please see "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"must be set for this feature to work."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>expire</emphasis>: verwendet »ldap_account_expire_policy«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"interested in being warned that password is about to expire and "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"authentication is based on using a different method than passwords - for "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"example SSH keys."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"The difference between these options is the action taken if user password is "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"expired: pwd_expire_policy_reject - user is denied to log in, "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"pwd_expire_policy_warn - user is still able to log in, "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"pwd_expire_policy_renew - user is prompted to change his password "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"immediately."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note If user password is expired no explicit message is prompted by SSSD."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Please note that 'access_provider = ldap' must be set for this feature to "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to determine access"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>authorized_service</emphasis>: verwendet das Attribut "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»authorizedService«, um zu bestimmen, ob Zugriff gewährt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>host</emphasis>: use the host attribute to determine access"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ob Zugriff gewährt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<emphasis>host</emphasis>: use the host attribute to determine access"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"remote host can access"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<emphasis>host</emphasis>: verwendet das Attribut »host«, um zu bestimmen, "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"ob Zugriff gewährt wird."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Please note, rhost field in pam is set by application, it is better to check "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"what the application sends to pam, before enabling this access control option"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: filter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: filter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that it is a configuration error if a value is used more than "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass es ein Konfigurationsfehler ist, falls ein Wert "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"mehr als einmal benutzt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ldap_pwdlockout_dn (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"This option specifies the DN of password policy entry on LDAP server. Please "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"note that absence of this option in sssd.conf in case of enabled account "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"lockout checking will yield access denied as ppolicy attributes on LDAP "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"server cannot be checked properly."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_deref (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_deref (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies how alias dereferencing is done when performing a search. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"following options are allowed:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt an, wie Alias-Dereferenzierung bei einer Suche erledigt wird. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"folgenden Optionen sind erlaubt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>never</emphasis>: Alias werden nie dereferenziert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the base object, but not in locating the base object of the search."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>searching</emphasis>: Alias werden auf Unterebenen des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Basisobjekts dereferenziert, nicht jedoch beim Orten des Basisobjekts der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the base object of the search."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>finding</emphasis>: Alias werden nur beim Orten des Basisobjekts "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Suche dereferenziert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in locating the base object of the search."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>always</emphasis>: Alias werden sowohl bei der Suche als auch beim "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Orten des Basisobjekts der Suche dereferenziert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"client libraries)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: leer (Dies wird durch LDAP-Client-Bibliotheken wie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>never</emphasis> gehandhabt.)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_rfc2307_fallback_to_local_users (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_rfc2307_fallback_to_local_users (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Allows to retain local users as members of an LDAP group for servers that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"use the RFC2307 schema."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ermöglich, lokale Anwender als Mitglieder einer LDAP-Gruppe für Server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beizubehalten, die das Schema RFC2307 benutzen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In some environments where the RFC2307 schema is used, local users are made "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"members of LDAP groups by adding their names to the memberUid attribute. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The self-consistency of the domain is compromised when this is done, so SSSD "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"would normally remove the \"missing\" users from the cached group "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"memberships as soon as nsswitch tries to fetch information about the user "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"via getpw*() or initgroups() calls."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In einigen Umgebungen, in denen das Schema RFC2307 verwendet wird, werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"lokale Benutzer zu Mitgliedern einer LDAP-Gruppe gemacht, indem ihre Namen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dem Attribut »memberUid« hinzugefügt werden. Die eigene Stimmigkeit der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Domain wird dabei kompromittiert, daher würde SSSD normalerweise »fehlende« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anwender aus den zwischengespeicherten Gruppenmitgliedschaften entfernen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sobald Nsswitch versucht, Informationen über den Anwender durch Aufrufen von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"getpw*() oder initgroups() abzurufen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option falls back to checking if local users are referenced, and caches "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"them so that later initgroups() calls will augment the local users with the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"additional LDAP groups."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option greift auf das Prüfen zurück, ob auf lokale Benutzer Bezug "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"genommen wird und speichert sie, so dass spätere Aufrufe von »initgroups() "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die lokalen Benutzer um zusätzliche LDAP-Gruppen erweitert werden."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#| msgid "ldap_opt_timeout (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "wildcard_limit (integer)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgstr "ldap_opt_timeout (Ganzzahl)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Specifies an upper limit on the number of entries that are downloaded during "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"a wildcard lookup."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "At the moment, only the InfoPipe responder supports wildcard lookups."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Default: 1000 (often the size of one page)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"All of the common configuration options that apply to SSSD domains also "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> manual page for full details. <placeholder type="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SUDO OPTIONS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "SUDO-OPTIONEN"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"The detailed instructions for configuration of sudo_provider are in the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Detaillierte Anweisungen zur Konfiguration von sudo_provider finden Sie in "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_object_class (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_object_class (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The object class of a sudo rule entry in LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "die Objektklasse eines Sudo-Regeleintrags in LDAP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoRole"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoRole"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the sudo rule name."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das dem Namen der Sudo-Regel entspricht"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_command (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_command (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the command name."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das dem Namen des Befehls entspricht"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoCommand"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoCommand"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_host (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_host (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that corresponds to the host name (or host IP address, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"host IP network, or host netgroup)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das dem Rechnernamen (oder der IP-Adresse, dem IP-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Netzwerk oder des Netzwerkgruppe des Rechners) entspricht"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoHost"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoHost"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_user (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_user (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that corresponds to the user name (or UID, group name or "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"user's netgroup)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das dem Benutzernamen (oder der UID, dem Gruppennamen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"oder der Netzwerkgruppe des Benutzers) entspricht"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoUser"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoUser"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_option (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_option (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the sudo options."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das den Sudo-Optionen entspricht"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoOption"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoOption"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_runasuser (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_runasuser (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that corresponds to the user name that commands may be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das dem Benutzernamen entspricht, unter dem Befehle "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ausgeführt werden können"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoRunAsUser"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoRunAsUser"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_runasgroup (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_runasgroup (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that corresponds to the group name or group GID that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"commands may be run as."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das dem Gruppennamen oder der GID der Gruppe entspricht, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"worunter Befehle ausgeführt werden können"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoRunAsGroup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoRunAsGroup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_notbefore (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_notbefore (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that corresponds to the start date/time for when the sudo "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"rule is valid."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das dem Startdatum und der Startzeit entpricht, wann die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Sudo-Regel gültig wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoNotBefore"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoNotBefore"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_notafter (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_notafter (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The LDAP attribute that corresponds to the expiration date/time, after which "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the sudo rule will no longer be valid."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das LDAP-Attribut, das dem Ablaufdatum und der Ablaufzeit entspricht, nach "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der die Sudo-Regel nicht länger gültig ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoNotAfter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoNotAfter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudorule_order (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudorule_order (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The LDAP attribute that corresponds to the ordering index of the rule."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das LDAP-Attribut, das dem Reihenfolgenindex der Regel entspricht"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: sudoOrder"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: sudoOrder"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudo_full_refresh_interval (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds SSSD will wait between executing a full refresh of sudo "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"rules (which downloads all rules that are stored on the server)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wie viele Sekunden SSSD zwischen einer vollständigen Aktualisierung von Sudo-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Regeln warten wird (wodurch alle auf dem Server gespeicherten Regeln "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"heruntergeladen werden)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der Wert muss größer als <emphasis>ldap_sudo_smart_refresh_interval</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> sein."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 21600 (6 hours)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 21600 (6 Stunden)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudo_smart_refresh_interval (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudo_smart_refresh_interval (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How many seconds SSSD has to wait before executing a smart refresh of sudo "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"rules (which downloads all rules that have USN higher than the highest USN "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of cached rules)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wie viele Sekunden SSSD warten soll, bevor ein kluges Aktualisieren der Sudo-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Regeln ausgeführt wird (wodurch alle Regeln, die eine höhere USN als die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"höchste USN der zwischengespeicherten Regeln haben, heruntergeladen werden)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If USN attributes are not supported by the server, the modifyTimestamp "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"attribute is used instead."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls vom Server keine USN-Attribute unterstützt werden, wird stattdessen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das Attribut »modifyTimestamp« benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudo_use_host_filter (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudo_use_host_filter (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If true, SSSD will download only rules that are applicable to this machine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(using the IPv4 or IPv6 host/network addresses and hostnames)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls dies auf »true« gesetzt ist, wird SSSD nur die Regeln herunterladen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die auf diese Maschine angewandt werden können (mittels der IPv4- oder IPv6-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Netzwerkadressen und Rechnernamen)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudo_hostnames (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudo_hostnames (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Space separated list of hostnames or fully qualified domain names that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"should be used to filter the rules."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"durch Leerzeichen getrennte Listen von Rechnernamen oder voll qualifizierten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Domain-Namen, die zum Filtern der Regeln benutzt werden sollen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If this option is empty, SSSD will try to discover the hostname and the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"fully qualified domain name automatically."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls diese Option leer ist, wird SSSD versuchen, den Rechnernamen und den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"voll qualifizierten Domain-Namen automatisch herauszufinden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2584 sssd-ldap.5.xml:2607 sssd-ldap.5.xml:2625
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> then this option has no effect."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls <emphasis>ldap_sudo_use_host_filter</emphasis> <emphasis>false</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> ist, hat diese Option keine Auswirkungen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: not specified"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nicht angegeben"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudo_ip (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudo_ip (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Space separated list of IPv4 or IPv6 host/network addresses that should be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"used to filter the rules."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"durch Kommata getrennte Liste von IPv4- oder IPv6-Rechner- beziehungsweise "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Netzwerkadressen, die zum Filtern der Regeln benutzt werden sollen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If this option is empty, SSSD will try to discover the addresses "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"automatically."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls diese Option leer ist, wird SSSD versuchen, die Adressen automatisch "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"herauszufinden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudo_include_netgroups (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudo_include_netgroups (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If true then SSSD will download every rule that contains a netgroup in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sudoHost attribute."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls dies auf »true« gesetzt ist, wird SSSD jede Regel herunterladen, die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eine Netzgruppe im Attribut »sudoHost« enthält."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudo_include_regexp (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudo_include_regexp (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If true then SSSD will download every rule that contains a wildcard in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sudoHost attribute."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls dies auf »true« gesetzt ist, wird SSSD jede Regel herunterladen, die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einen Platzhalter im Attribut »sudoHost« enthält."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This manual page only describes attribute name mapping. For detailed "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"explanation of sudo related attribute semantics, see <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Handbuchseite beschreibt nur das Abbilden von Attributnamen. Eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"umfassende Erklärung der Sudo-bezogenen Attributsemantik finden Sie unter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle><manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "AUTOFS OPTIONS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "AUTOFS-OPTIONEN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Some of the defaults for the parameters below are dependent on the LDAP "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ldap_autofs_map_master_name (string)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ldap_autofs_map_master_name (Zeichenkette)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "The name of the automount master map in LDAP."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Der Name der Automount-Master-Abbildung in LDAP."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: auto.master"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Voreinstellung: auto.master"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_autofs_map_object_class (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_autofs_map_object_class (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The object class of an automount map entry in LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "die Objektklasse eines Automount-Abbildungseintrags in LDAP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_autofs_map_name (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_autofs_map_name (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The name of an automount map entry in LDAP."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "der Name eines Automount-Abbildungseintrags in LDAP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_autofs_entry_object_class (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_autofs_entry_object_class (Zeichenkette)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"The object class of an automount entry in LDAP. The entry usually "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"corresponds to a mount point."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_autofs_entry_key (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_autofs_entry_key (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The key of an automount entry in LDAP. The entry usually corresponds to a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"mount point."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Schlüssel eines Automount-Eintrags in LDAP. Normalerweise entspricht der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Eintrag einem Einhängepunkt."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_autofs_entry_value (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_autofs_entry_value (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"automountInformation"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ADVANCED OPTIONS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ERWEITERTE OPTIONEN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_netgroup_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_netgroup_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_user_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_user_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_group_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_group_search_base (Zeichenkette)"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "<note>"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"against Active Directory will not be restricted and return all groups "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"memberships, even with no GID mapping. It is recommended to disable this "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"feature, if group names are not being displayed correctly."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "</note>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_sudo_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_sudo_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_autofs_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_autofs_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"These options are supported by LDAP domains, but they should be used with "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"caution. Please include them in your configuration only if you know what you "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"\"variablelist\" id=\"1\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2816 sssd-simple.5.xml:131 sssd-ipa.5.xml:736
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ad.5.xml:1038 sssd-krb5.5.xml:570 sss_rpcidmapd.5.xml:98
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:71 sssd-session-recording.5.xml:144
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "EXAMPLE"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "BEISPIEL"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The following example assumes that SSSD is correctly configured and LDAP is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"set to one of the domains in the <replaceable>[domains]</replaceable> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"LDAP auf eine der Domains im Abschnitt <replaceable>[domains]</replaceable> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gesetzt ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"id_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"auth_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_uri = ldap://ldap.mydomain.org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_search_base = dc=mydomain,dc=org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_tls_reqcert = demand\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"cache_credentials = true\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2823 sssd-ldap.5.xml:2841 sssd-simple.5.xml:139
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ipa.5.xml:744 sssd-ad.5.xml:1046 sssd-sudo.5.xml:56 sssd-krb5.5.xml:579
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-files.5.xml:78 sssd-session-recording.5.xml:150
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "LDAP ACCESS FILTER EXAMPLE"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"The following example assumes that SSSD is correctly configured and to use "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"the ldap_access_order=lockout."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"id_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"auth_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"access_provider = ldap\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_access_order = lockout\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_uri = ldap://ldap.mydomain.org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_search_base = dc=mydomain,dc=org\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ldap_tls_reqcert = demand\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"cache_credentials = true\n"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ldap.5.xml:2857 sssd_krb5_locator_plugin.8.xml:61 sssd-simple.5.xml:148
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ad.5.xml:1061 sssd.8.xml:230 sss_seed.8.xml:163
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ANMERKUNGEN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The descriptions of some of the configuration options in this manual page "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"are based on the <citerefentry> <refentrytitle>ldap.conf</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"distribution."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Beschreibungen einiger Konfigurationsoptionen auf dieser Handbuchseite "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"basieren auf der Handbuchseite <citerefentry> <refentrytitle>ldap.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> der Distribution "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"OpenLDAP 2.4."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "pam_sss"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "pam_sss"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "PAM module for SSSD"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "PAM-Modul für SSSD"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"choice='opt'> <replaceable>prompt_always</replaceable> </arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>pam_sss.so</command> is the PAM interface to the System Security "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Services daemon (SSSD). Errors and results are logged through "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>pam_sss.so</command> ist die PAM-Schnittstelle des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Systemsicherheitsdienst-Daemons (»System Security Services daemon«/SSSD). "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Fehler und Ergebnisse werden durch <command>syslog(3)</command> mit der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Fertigkeit LOG_AUTHPRIV protokolliert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>quiet</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>quiet</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Suppress log messages for unknown users."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "unterdrückt Protokollnachrichten für unbekannte Benutzer"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>forward_pass</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>forward_pass</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If <option>forward_pass</option> is set the entered password is put on the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"stack for other PAM modules to use."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls <option>forward_pass</option> gesetzt ist, wird das eingegebene "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Passwort in den Stapelverabeitungsspeicher gelegt, damit andere PAM-Module "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"es nutzen können."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>use_first_pass</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>use_first_pass</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The argument use_first_pass forces the module to use a previous stacked "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"modules password and will never prompt the user - if no password is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"available or the password is not appropriate, the user will be denied access."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das Argument »use_first_pass« zwingt das Modul ein vorher im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Stapelverabeitungsspeicher abgelegtes Passwort zu benutzen. Es wird den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anwender nie fragen. Falls kein Passwort verfügbar oder das Passwort "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ungeeignet ist, wird dem Benutzer der Zugriff verwehrt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>use_authtok</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>use_authtok</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When password changing enforce the module to set the new password to the one "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provided by a previously stacked password module."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn das Passwort geändert wird, erzwingt das Modul, dass das neue Passwort "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"von einem vorher im Stapelverabeitungsspeicher abgelegten Passwortmodul "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bereitgestellt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>retry=N</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>retry=N</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If specified the user is asked another N times for a password if "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"authentication fails. Default is 0."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ist dies angegeben, wird der Benutzer weitere N mal nach einem Passwort "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gefragt, falls die Authentifizierung fehlschlägt. Voreinstellung ist 0."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that this option might not work as expected if the application "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"calling PAM handles the user dialog on its own. A typical example is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sshd</command> with <option>PasswordAuthentication</option>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass diese Option möglicherweise nicht wie erwartet "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"funktioniert, falls eine Anwendung, die PAM aufruft, den Benutzerdialog "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"selbst abwickelt. Ein typisches Beispiel ist <command>sshd</command> mit "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>PasswordAuthentication</option>."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "<option>ignore_unknown_user</option>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "<option>ignore_unknown_user</option>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"If this option is specified and the user does not exist, the PAM module will "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"return PAM_IGNORE. This causes the PAM framework to ignore this module."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Falls diese Option angegeben ist, aber der Benutzer nicht existiert, gibt "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"das PAM-Modul den Wert PAM_IGNORE zurück. Dies hat zur Folge, dass das PAM-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Framework dieses Modul ignoriert."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "<option>ignore_authinfo_unavail</option>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "<option>ignore_authinfo_unavail</option>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"the SSSD daemon. This causes the PAM framework to ignore this module."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Gibt an, dass das PAM-Modul PAM_IGNORE zurückgeben soll, falls der SSSD-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Daemon nicht kontaktiert werden kann. Dies hat zur Folge, dass das PAM-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Framework dieses Modul ignoriert."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "<option>domains</option>"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Allows the administrator to restrict the domains a particular PAM service is "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"allowed to authenticate against. The format is a comma-separated list of "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"SSSD domain names, as specified in the sssd.conf file."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"and <quote>pam_public_domains</quote> options. Please see the "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"manvolnum> </citerefentry> manual page for more information on these two PAM "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"responder options."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<option>allow_missing_name</option>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The main purpose of this option is to let SSSD determine the user name based "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"on additional information, e.g. the certificate from a Smartcard."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"auth sufficient pam_sss.so allow_missing_name\n"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The current use case are login managers which can monitor a Smartcard reader "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"for card events. In case a Smartcard is inserted the login manager will call "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"id=\"0\"/> In this case SSSD will try to determine the user name based on "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"the content of the Smartcard, returns it to pam_sss which will finally put "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"it on the PAM stack."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "<option>prompt_always</option>"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"Always prompt the user for credentials. With this option credentials "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"requested by other PAM modules, typically a password, will be ignored and "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"pam_sss will prompt for credentials again. Based on the pre-auth reply by "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"SSSD pam_sss might prompt for a password, a Smartcard PIN or other "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"credentials."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "MODULE TYPES PROVIDED"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "BEREITGESTELLTE MODULTYPEN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"All module types (<option>account</option>, <option>auth</option>, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>password</option> and <option>session</option>) are provided."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Alle Modultypen (<option>account</option>, <option>auth</option>, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>password</option> und <option>session</option>) werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bereitgestellt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "DATEIEN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If a password reset by root fails, because the corresponding SSSD provider "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"does not support password resets, an individual message can be displayed. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This message can e.g. contain instructions about how to reset a password."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls ein Zurücksetzen des Passworts durch Root fehlschlägt, weil der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zugehörige SSSD-Anbieter das Zurücksetzen von Passwörtern nicht unterstützt, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kann eine individuelle Nachricht angezeigt werden. Diese Nachricht kann z.B. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anweisungen enthalten, wie ein Passwort zurückgesetzt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The message is read from the file <filename>pam_sss_pw_reset_message.LOC</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filename> where LOC stands for a locale string returned by <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>. If there is no matching file the content of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<filename>pam_sss_pw_reset_message.txt</filename> is displayed. Root must be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the owner of the files and only root may have read and write permissions "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"while all other users must have only read permissions."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Nachricht wird aus der Datei <filename>pam_sss_pw_reset_message.LOC</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filename> gelesen, wobei LOC für eine durch <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> zurückgegebene Zeichenkette steht. Falls dort keine passende "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Datei ist, wird der Inhalt von <filename>pam_sss_pw_reset_message.txt</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filename> angezeigt. Root muss der Besitzer der Dateien sein und nur Root "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kann Lese- und Schreibrechte haben, während alle anderen Anwender nur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Leserechte haben dürfen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"These files are searched in the directory <filename>/etc/sssd/customize/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Dateien werden im Verzeichnis <filename>/etc/sssd/customize/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"DOMAIN_NAME/</filename> gesucht. Falls keine passende Datei vorhanden ist, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird eine allgemeine Nachricht angezeigt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sssd_krb5_locator_plugin.8.xml:10 sssd_krb5_locator_plugin.8.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sssd_krb5_locator_plugin"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sssd_krb5_locator_plugin"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Kerberos locator plugin"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Kerberos Locator-Plugin"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"libraries what Realm and which KDC to use. Typically this is done in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"To simplify the configuration the Realm and the KDC can be defined in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> as described in <citerefentry> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Das Kerberos Locator-Plugin <command>sssd_krb5_locator_plugin</command> wird "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"vom Kerberos-Anbieter von <citerefentry> <refentrytitle>sssd</refentrytitle> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> verwendet, um für die Kerberos-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Bibliotheken festzulegen, welcher Realm und KDC verwendet werden soll. "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Typischerweise geschieht dies in der Datei <citerefentry> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"citerefentry>, die immer von den Kerberos-Bibliotheken gelesen wird. Um die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Konfiguration zu vereinfachen, können Realm und KDC in der Datei "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"manvolnum> </citerefentry> definiert werden, so wie es in der Handbuchseite "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"zu <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"manvolnum> </citerefentry> beschrieben ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"</citerefentry> puts the Realm and the name or IP address of the KDC into "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"libraries it reads and evaluates these variables and returns them to the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"</citerefentry> legt den Realm und den Namen oder die IP-Adresse der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Schlüsselverwaltungszentrale (KDC) in den Umgebungsvariablen SSSD_KRB5_REALM "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beziehungsweise SSSD_KRB5_KDC ab. Wenn <command>sssd_krb5_locator_plugin</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"command> durch die Kerberos-Bibliotheken aufgerufen wird, liest es diese "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Variablen, wertet sie aus und gibt sie an die Bibliotheken zurück."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Not all Kerberos implementations support the use of plugins. If "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sssd_krb5_locator_plugin</command> is not available on your system "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"you have to edit /etc/krb5.conf to reflect your Kerberos setup."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Nicht alle Kerberos-Implementierungen unterstützen die Verwendung von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Erweiterungen. Falls <command>sssd_krb5_locator_plugin</command> nicht auf "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ihrem System vorhanden ist, müssen Sie /etc/krb5.conf bearbeiten, damit sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ihre Kerberos-Einrichtung widerspiegelt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"debug messages will be sent to stderr."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls die Umgebungsvariable SSSD_KRB5_LOCATOR_DEBUG auf irgendeinen Wert "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gesetzt ist, werden Debug-Nachrichten an »stderr« gesandt."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sssd-simple"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sssd-simple"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "the configuration file for SSSD's 'simple' access-control provider"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Konfigurationsdatei für den »einfachen« Zugriffssteuerungsanbieter von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This manual page describes the configuration of the simple access-control "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> manual page."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Handbuchseite beschreibt die Konfiguration des einfachen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zugriffssteuerungsanbieters für <citerefentry> <refentrytitle>sssd</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Syntax-Referenz finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The simple access provider grants or denies access based on an access or "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"deny list of user or group names. The following rules apply:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der einfache Zugriffsanbieter gewährt oder verweigert den Zugriff auf Basis "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einer Zugriffs- oder Verbotsliste von Benutzer- oder Gruppennamen. Es gelten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die folgenden Regeln:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "If all lists are empty, access is granted"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Falls alle Listen leer sind, wird Zugriff gewährt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If any list is provided, the order of evaluation is allow,deny. This means "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"that any matching deny rule will supersede any matched allow rule."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls irgendeine Liste bereitgestellt wird, ist die Reihenfolge der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Auswertung »erlauben,verbieten«. Das heißt, dass eine passende verbietende "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Regeln jede passende erlaubende Regel ersetzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If either or both \"allow\" lists are provided, all users are denied unless "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"they appear in the list."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls eine oder beide »Erlaubnislisten« bereitgestellt werden, ist der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zugriff allen Benutzern verboten, sofern sie nicht auf der Liste erscheinen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If only \"deny\" lists are provided, all users are granted access unless "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"they appear in the list."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls nur »Verbotslisten« bereitgestellt werden, wird der Zugriff allen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzern gewährt, sofern sie nicht auf der Liste stehen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "simple_allow_users (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "simple_allow_users (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Comma separated list of users who are allowed to log in."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Durch Kommata getrennte Liste von Benutzern, die sich anmelden dürfen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "simple_deny_users (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "simple_deny_users (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Comma separated list of users who are explicitly denied access."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Durch Kommata getrennte Liste von Benutzern, denen der Zugriff explizit "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verwehrt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "simple_allow_groups (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "simple_allow_groups (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Comma separated list of groups that are allowed to log in. This applies only "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to groups within this SSSD domain. Local groups are not evaluated."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Durch Kommata getrennte Liste von Gruppen, die sich anmelden dürfen. Dies "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gilt nur für Gruppen innerhalb dieser SSSD-Domain. Lokale Gruppen werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nicht ausgewertet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "simple_deny_groups (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "simple_deny_groups (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Comma separated list of groups that are explicitly denied access. This "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"applies only to groups within this SSSD domain. Local groups are not "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Durch Kommata getrennte Liste von Gruppen, denen der Zugriff explizit "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verwehrt wird. Dies gilt nur für Gruppen innerhalb dieser SSSD-Domain. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Lokale Gruppen werden nicht ausgewertet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-simple.5.xml:70 sssd-ipa.5.xml:82 sssd-ad.5.xml:113
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> manual page for details on the configuration of an SSSD "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Einzelheiten über die Konfiguration einer SSSD-Domain finden Sie im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abschnitt »DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>. <placeholder type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifying no values for any of the lists is equivalent to skipping it "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"entirely. Beware of this while generating parameters for the simple provider "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"using automated scripts."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Keine Werte für eine der Listen anzugeben ist so, als ob sie ganz "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"übersprungen würde. Hüten Sie sich davor, solange Parameter für den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einfachen Anbieter mittels automatischer Skripte erzeugt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that it is an configuration error if both, simple_allow_users "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"and simple_deny_users, are defined."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, das es ein Konfigurationsfehler ist, wenn sowohl "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»simple_allow_users« als auch »simple_deny_users« definiert sind."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The following example assumes that SSSD is correctly configured and example."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This examples shows only the simple access provider-specific options."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"example.com eine der im Abschnitt <replaceable>[sssd]</replaceable> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erwähnten Domains ist. Die Beispiele zeigen nur die anbieterspezifischen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optionen des einfachen Anbieters."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"access_provider = simple\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"simple_allow_users = user1, user2\n"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"The complete group membership hierarchy is resolved before the access check, "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"thus even nested groups can be included in the access lists. Please be "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"aware that the <quote>ldap_group_nesting_level</quote> option may impact the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"results and should be set to a sufficient value. (<citerefentry> "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"citerefentry>) option."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die vollständige Hierarchie der Gruppenmitgliedschaft wird aufgelöst, bevor "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"die Zugriffsprüfung ausgeführt wird. Daher können selbst verschachtelte "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Gruppen Teil der Zugriffslisten werden. Bitte beachten Sie, dass die Option "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>ldap_group_nesting_level</quote> die Ergebnisse beeinflussen kann und "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"daher auf einen ausreichenden Wert gesetzt werden sollte. Siehe "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"(<citerefentry> <refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"manvolnum> </citerefentry>)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "sss-certmap"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "SSSD Certificate Matching and Mapping Rules"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The manual page describes the rules which can be used by SSSD and other "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"components to match X.509 certificates and map them to accounts."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Each rule has four components, a <quote>priority</quote>, a <quote>matching "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"quote>. All components are optional. A missing <quote>priority</quote> will "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"add the rule with the lowest priority. The default <quote>matching rule</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"quote> will match certificates with the digitalSignature key usage and "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the certificates will be searched in the userCertificate attribute as DER "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"encoded binary. If no domains are given only the local domain will be "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "RULE COMPONENTS"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "PRIORITY"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The rules are processed by priority while the number '0' (zero) indicates "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the highest priority. The higher the number the lower is the priority. A "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"missing value indicates the lowest priority."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Internally the priority is treated as unsigned 32bit integer, using a "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"priority value larger than 4294967295 will cause an error."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "MATCHING RULE"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The matching rule is used to select a certificate to which the mapping rule "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"should be applied. It uses a system similar to the one used by "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"keyword enclosed by '<' and '>' which identified a certain part of the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"certificate and a pattern which should be found for the rule to match. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Multiple keyword pattern pairs can be either joined with '&&' (and) "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"or '||' (or)."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SUBJECT>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"With this a part or the whole subject name of the certificate can be "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"matched. For the matching POSIX Extended Regular Expression syntax is used, "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"see regex(7) for details."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"For the matching the subject name stored in the certificate in DER encoded "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ASN.1 is converted into a string according to RFC 4514. This means the most "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"specific name component comes first. Please note that not all possible "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"attribute names are covered by RFC 4514. The names included are 'CN', 'L', "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"be shown differently on different platform and by different tools. To avoid "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"confusion those attribute names are best not used or covered by a suitable "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"regular-expression."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<ISSUER>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"With this a part or the whole issuer name of the certificate can be matched. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"All comments for <SUBJECT> apply her as well."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<KU>key-usage"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This option can be used to specify which key usage values the certificate "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"should have. The following values can be used in a comma separated list:"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "digitalSignature"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "nonRepudiation"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "keyEncipherment"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "dataEncipherment"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "keyAgreement"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "keyCertSign"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "cRLSign"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "encipherOnly"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "decipherOnly"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"A numerical value in the range of a 32bit unsigned integer can be used as "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"well to cover special use cases."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <KU>digitalSignature,keyEncipherment"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<EKU>extended-key-usage"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This option can be used to specify which extended key usage the certificate "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"should have. The following value can be used in a comma separated list:"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "serverAuth"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "clientAuth"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "codeSigning"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "emailProtection"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "timeStamping"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "OCSPSigning"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "KPClientAuth"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "pkinit"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "msScLogin"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Extended key usages which are not listed above can be specified with their "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"OID in dotted-decimal notation."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"To be compatible with the usage of MIT Kerberos this option will match the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Principal> does."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN>.*@MY\\.REALM"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:Principal>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:Principal>.*@MY\\.REALM"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:ntPrincipalName>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the Kerberos principals from the AD NT Principal SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:ntPrincipalName>.*@MY.AD.REALM"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:pkinit>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the Kerberos principals from the PKINIT SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:dotted-decimal-oid>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Take the value of the otherName SAN component given by the OID in dotted-"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"decimal notation, interpret it as string and try to match it against the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"regular expression."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:1.2.3.4>test"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:otherName>base64-string"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Do a binary match with the base64 encoded blob against all otherName SAN "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"components. With this option it is possible to match against custom "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"otherName components with special encodings which could not be treated as "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:otherName>MTIz"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:rfc822Name>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the rfc822Name SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:rfc822Name>.*@email\\.domain"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:dNSName>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the dNSName SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:x400Address>base64-string"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Binary match the value of the x400Address SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:x400Address>MTIz"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:directoryName>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Match the value of the directoryName SAN. The same comments as given for <"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"ISSUER> and <SUBJECT> apply here as well."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:directoryName>.*,DC=com"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:ediPartyName>base64-string"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Binary match the value of the ediPartyName SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:ediPartyName>MTIz"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:uniformResourceIdentifier>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the uniformResourceIdentifier SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:uniformResourceIdentifier>URN:.*"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:iPAddress>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the iPAddress SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:iPAddress>192\\.168\\..*"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "<SAN:registeredID>regular-expression"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Match the value of the registeredID SAN as dotted-decimal string."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: <SAN:registeredID>1\\.2\\.3\\..*"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "MAPPING RULE"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The mapping rule is used to associate a certificate with one or more "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"accounts. A Smartcard with the certificate and the matching private key can "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"then be used to authenticate as one of those accounts."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Currently SSSD basically only supports LDAP to lookup user information (the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"exception is the proxy provider which is not of relevance here). Because of "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"this the mapping rule is based on LDAP search filter syntax with templates "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"to add certificate content to the filter. It is expected that the filter "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"will only contain the specific data needed for the mapping and that the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"caller will embed it in another filter to do the actual search. Because of "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"this the filter string should start and stop with '(' and ')' respectively."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"In general it is recommended to use attributes from the certificate and add "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"them to special attributes to the LDAP user object. E.g. the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"for IPA can be used."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This should be preferred to read user specific data from the certificate "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"like e.g. an email address and search for it in the LDAP server. The reason "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"is that the user specific data in LDAP might change for various reasons "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"would break the mapping. On the other hand it would be hard to break the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"mapping on purpose for a specific user."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the full issuer DN converted to a string according to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the '_x500' prefix should be used."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The conversion options starting with 'ad_' will use attribute names as used "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"by AD, e.g. 'S' instead of 'ST'."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The conversion options starting with 'nss_' will use attribute names as used "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The default conversion option is 'nss', i.e. attribute names according to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"NSS and LDAP/RFC 4514 ordering."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the full subject DN converted to string according to "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the '_x500' prefix should be used."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"{subject_dn!nss_x500})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{cert[!(bin|base64)]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the whole DER encoded certificate as a string to the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"search filter. Depending on the conversion option the binary certificate is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"either converted to an escaped hex sequence '\\xx' or base64. The escaped "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"hex sequence is the default and can e.g. be used with the LDAP attribute "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"'userCertificate;binary'."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (userCertificate;binary={cert!bin})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_principal[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the Kerberos principal which is taken either from the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"SAN used by pkinit or the one used by AD. The 'short_name' component "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"represents the first part of the principal before the '@' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (|(userPrincipal={subject_principal})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"(samAccountName={subject_principal.short_name}))"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_pkinit_principal[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This template will add the Kerberos principal which is given by the SAN used "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"by pkinit. The 'short_name' component represents the first part of the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"principal before the '@' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (|(userPrincipal={subject_pkinit_principal})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_nt_principal[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This template will add the Kerberos principal which is given by the SAN used "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"by AD. The 'short_name' component represent the first part of the principal "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"before the '@' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_rfc822_name[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the string which is stored in the rfc822Name "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"component of the SAN, typically an email address. The 'short_name' component "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"represents the first part of the address before the '@' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"short_name}))"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_dns_name[.short_name]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the string which is stored in the dNSName component "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"of the SAN, typically a fully-qualified host name. The 'short_name' "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"component represents the first part of the name before the first '.' sign."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Example: (|(fqdn={subject_dns_name})(host={subject_dns_name.short_name}))"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_uri}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the string which is stored in the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"uniformResourceIdentifier component of the SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (uri={subject_uri})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_ip_address}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the string which is stored in the iPAddress component "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"of the SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (ip={subject_ip_address})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_x400_address}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the value which is stored in the x400Address "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"component of the SAN as escaped hex sequence."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (attr:binary={subject_x400_address})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the DN string of the value which is stored in the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"directoryName component of the SAN."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (orig_dn={subject_directory_name})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_ediparty_name}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the value which is stored in the ediPartyName "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"component of the SAN as escaped hex sequence."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (attr:binary={subject_ediparty_name})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "{subject_registered_id}"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This template will add the OID which is stored in the registeredID component "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"of the SAN as a dotted-decimal string."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Example: (oid={subject_registered_id})"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The templates to add certificate data to the search filter are based on "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Python-style formatting strings. They consist of a keyword in curly braces "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"with an optional sub-component specifier separated by a '.' or an optional "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"conversion/formatting option separated by a '!'. Allowed values are: "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/>"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "DOMAIN LIST"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"If the domain list is not empty users mapped to a given certificate are not "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"only searched in the local domain but in the listed domains as well as long "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"as they are know by SSSD. Domains not know to SSSD will be ignored."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "sssd-ipa"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgstr "sssd-ipa"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "SSSD IPA provider"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgstr "SSSD IPA-Anbieter"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This manual page describes the configuration of the IPA provider for "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Handbuchseite beschreibt die Konfiguration des IPA-Anbieters für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The IPA provider is a back end used to connect to an IPA server. (Refer to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the freeipa.org web site for information about IPA servers.) This provider "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"requires that the machine be joined to the IPA domain; configuration is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"almost entirely self-discovered and obtained directly from the server."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der IPA-Anbieter ist ein Backend, das zum Verbinden mit einem IPA-Server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt wird. (Informationen über IPA-Server finden Sie auf der Website "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»freeipa.org«.) Dieser Anbieter erfordert, dass der Rechner einer IPA-Domain "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beitritt. Die Konfiguration wird nahezu vollständig selbst ermittelt und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"direkt vom Server genommen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"optimizations for IPA environments. The IPA provider accepts the same "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"However, it is neither necessary nor recommended to set these options."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The IPA provider primarily copies the traditional ldap and krb5 provider "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"default options with some exceptions, the differences are listed in the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"As an access provider, the IPA provider uses HBAC (host-based access "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"control) rules. Please refer to freeipa.org for more information about "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"HBAC. No configuration of access provider is required on the client side."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"configured in sssd.conf then the id_provider must also be set to <quote>ipa</"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The IPA provider will use the PAC responder if the Kerberos tickets of users "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"from trusted realms contain a PAC. To make configuration easier the PAC "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"responder is started automatically if the IPA ID provider is configured."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der IPA-Anbieter wird den PAC-Responder benutzen, falls die Kerberos-Tickets "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"von Anwendern vertrauenswürdiger Realms ein PAC enthalten. Um die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration zu vereinfachen, wird der PAC-Responder automatisch gestartet, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"falls der IPA-ID-Anbieter konfiguriert ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_domain (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_domain (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the name of the IPA domain. This is optional. If not provided, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the configuration domain name is used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Namen der IPA-Domain an. Dies ist optional. Ist er nicht angegeben, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird der Domain-Name der Konfiguration benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_server, ipa_backup_server (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_server, ipa_backup_server (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The comma-separated list of IP addresses or hostnames of the IPA servers to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"which SSSD should connect in the order of preference. For more information "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This is optional if autodiscovery is enabled. For more information on "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die durch Kommata getrennte Liste von IP-Adressen oder Rechnernamen der IPA-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Server in der Reihenfolge, in der sich SSSD mit ihnen verbinden soll. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Informationen über Ausfallsicherung und Redundanz finden Sie im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abschnitt »AUSFALLSICHERUNG«. Falls automatisches Auffinden aktiviert ist, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ist dies optional. Weitere Informationen finden Sie im Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»DIENSTSUCHE«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_hostname (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_hostname (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Optional. May be set on machines where the hostname(5) does not reflect "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "the fully qualified name used in the IPA domain to identify this host."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optional. May be set on machines where the hostname(5) does not reflect the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"fully qualified name used in the IPA domain to identify this host. The "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"hostname must be fully qualified."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optional, kann auf Maschinen, bei denen »hostname(5)« nicht den voll "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"qualifizierten Namen in der IPA-Domain widerspiegelt, benutzt werden, um sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zu identifizieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "dyndns_update (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "dyndns_update (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optional. This option tells SSSD to automatically update the DNS server "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"built into FreeIPA with the IP address of this client. The update is secured "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"quote> option."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the default Kerberos realm must be set properly in /etc/krb5.conf"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Auf älteren Systemen (wie RHEL 5) muss der Standard-Kerberos-Realm "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ordentlich in /etc/krb5.conf gesetzt sein, damit dies zuverlässig "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"funktioniert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> in their config file."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Obwohl es immer noch möglich ist, die alte Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>ipa_dyndns_update</emphasis> zu benutzen, sollten Anwender auf die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verwendung von <emphasis>dyndns_update</emphasis> in ihrer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfigurationsdatei migrieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "dyndns_ttl (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "dyndns_ttl (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The TTL to apply to the client DNS record when updating it. If "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dyndns_update is false this has no effect. This will override the TTL "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"serverside if set by an administrator."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die TTL, die beim Aktualisieren auf den Client-DNS-Datensatz angewandt wird. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls »dyndns_update« »false« ist, hat dies keine Auswirkungen. Diese wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Server-seitige TTL außer Kraft setzen, falls diese durch einen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Administrator gesetzt wurde."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> in their config file."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Obwohl es immer noch möglich ist, die alte Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>ipa_dyndns_ttl</emphasis> zu benutzen, sollten Anwender auf die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verwendung von <emphasis>dyndns_ttl</emphasis> in ihrer Konfigurationsdatei "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 1200 (seconds)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 1200 (Sekunden)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "dyndns_iface (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "dyndns_iface (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optional. Applicable only when dyndns_update is true. Choose the interface "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"or a list of interfaces whose IP addresses should be used for dynamic DNS "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"updates. Special value <quote>*</quote> implies that IPs from all interfaces "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"should be used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> in their config file."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Obwohl es immer noch möglich ist, die alte Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>ipa_dyndns_iface</emphasis> zu benutzen, sollten Anwender auf die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verwendung von <emphasis>dyndns_iface</emphasis> in ihrer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfigurationsdatei migrieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Default: Use the IP addresses of the interface which is used for IPA LDAP "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Example: dyndns_iface = em1, vnet1, vnet2"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "dyndns_auth (string)"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"Whether the nsupdate utility should use GSS-TSIG authentication for secure "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"updates with the DNS server, insecure updates can be sent by setting this "
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek"option to 'none'."
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "Default: GSS-TSIG"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_enable_dns_sites (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_enable_dns_sites (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Enables DNS sites - location based service discovery."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "aktiviert DNS-Sites – standortbasierte Dienstsuche"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If true and service discovery (see Service Discovery paragraph at the bottom "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of the man page) is enabled, then the SSSD will first attempt location "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"based discovery using a query that contains \"_location.hostname.example.com"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"\" and then fall back to traditional SRV discovery. If the location based "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"discovery succeeds, the IPA servers located with the location based "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"discovery are treated as primary servers and the IPA servers located using "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the traditional SRV discovery are used as back up servers"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ist dies »true« und die Dienstsuche aktiviert (siehe den Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dienstsuche am Ende der Handbuchseite), dann wird SSSD zuerst versuchen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eine standortbasierte Suche mittels einer Abfrage, die »_location.hostname."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"example.com« enthält, durchzuführen und dann auf die traditionelle SRV-Suche "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zurückgreifen. Falls die standortbasierte Suche erfolgreich ist, werden die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"georteten IPA-Server, die mit der standortbasierten Suche gefunden wurden, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"als primäre Server betrachtet und die mit der traditionellen SRV-Suche "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gefundenen als Sicherungsserver."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "dyndns_refresh_interval (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "dyndns_refresh_interval (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"How often should the back end perform periodic DNS update in addition to the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"automatic update performed when the back end goes online. This option is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optional and applicable only when dyndns_update is true."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wie oft das Backend periodische DNS-Aktualisierungen zusätzlich zur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"automatisch beim Online-Gehen durchgeführten Aktualisierung vornehmen soll. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option ist optional und nur anwendbar, wenn »dyndns_update« »true« ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "dyndns_update_ptr (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "dyndns_update_ptr (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Whether the PTR record should also be explicitly updated when updating the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"client's DNS records. Applicable only when dyndns_update is true."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ob der PTR-Datensatz ebenfalls explizit aktualisiert werden soll, wenn die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"DNS-Datensätze des Clients aktualisiert werden; nur anwendbar, wenn "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»dyndns_update« »true« ist"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option should be False in most IPA deployments as the IPA server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"generates the PTR records automatically when forward records are changed."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option sollte in den meisten IPA-Bereitstellungen »False« sein, da der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"IPA-Server die PTR-Datensätze automatisch erzeugt, wenn sich "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weiterleitungsdatensätze ändern."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: False (disabled)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: False (deaktiviert)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "dyndns_force_tcp (bool)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "dyndns_force_tcp (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Whether the nsupdate utility should default to using TCP for communicating "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"with the DNS server."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ob das Hilfswerkzeug Nsupdate standardmäßig TCP zur Kommunikation mit dem "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"DNS-Server verwenden soll"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: False (let nsupdate choose the protocol)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: False (lässt Nsupdate das Protokoll auswählen)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "dyndns_server (string)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"The DNS server to use when performing a DNS update. In most setups, it's "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"recommended to leave this option unset."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Setting this option makes sense for environments where the DNS server is "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"different from the identity server."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Please note that this option will be only used in fallback attempt when "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"previous attempt using autodetected settings failed."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Default: None (let nsupdate choose the server)"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ipa_host_search_base (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_deskprofile_search_base (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ipa_host_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Optional. Use the given string as search base for HBAC related objects."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Optional. Use the given string as search base for Desktop Profile related "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bezogene Objekte"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: Use base DN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: verwendet Basis-DN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_hbac_search_base (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ipa_hbac_search_base (Zeichenkette)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Optional. Use the given string as search base for HBAC related objects."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für HBAC-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"bezogene Objekte"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_host_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_host_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "Deprecated. Use ldap_host_search_base instead."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_selinux_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_selinux_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Optional. Use the given string as search base for SELinux user maps."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SELinux-Benutzerabbildungen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_subdomains_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_subdomains_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Optional. Use the given string as search base for trusted domains."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"vertrauenswürdige Domains"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: der Wert von <emphasis>cn=trusts,%basedn</emphasis>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_master_domain_search_base (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_master_domain_search_base (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Optional. Use the given string as search base for master domain object."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optional, verwendet die angegebene Zeichenkette als Suchgrundlage für das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Master-Domain-Objekt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: der Wert von <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_views_search_base (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Optional. Use the given string as search base for views containers."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The name of the Kerberos realm. This is optional and defaults to the value "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of <quote>ipa_domain</quote>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Name des Kerberos-Realm. Dieser ist optional. Standardmäßig ist es der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wert von »ipa_domain«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The name of the Kerberos realm has a special meaning in IPA - it is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"converted into the base DN to use for performing LDAP operations."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Name des Kerberos-Realms hat in IPA eine besondere Bedeutung – er wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in den Basis-DN umgewandelt, um ihn zur Durchführung von LDAP-Transaktionen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zu verwenden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_confd_path (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Absolute path of a directory where SSSD should place Kerberos configuration "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"To disable the creation of the configuration snippets set the parameter to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Default: not set (krb5.include.d subdirectory of SSSD's pubconf directory)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ipa_hbac_refresh (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_deskprofile_refresh (integer)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "ipa_hbac_refresh (Ganzzahl)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "The amount of time between lookups of the HBAC rules against the IPA "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "server. This will reduce the latency and load on the IPA server if there "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "are many access-control requests made in a short period."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The amount of time between lookups of the Desktop Profile rules against the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"IPA server. This will reduce the latency and load on the IPA server if there "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"are many desktop profiles requests made in a short period."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ipa.5.xml:471 sssd-ipa.5.xml:501 sssd-ipa.5.xml:517 sssd-ad.5.xml:428
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: 5 (seconds)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgstr "Voreinstellung: 5 (Sekunden)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "ldap_sudo_full_refresh_interval (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_deskprofile_request_interval (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ldap_sudo_full_refresh_interval (Ganzzahl)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "The amount of time between lookups of the HBAC rules against the IPA "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "server. This will reduce the latency and load on the IPA server if there "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "are many access-control requests made in a short period."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The amount of time between lookups of the Desktop Profile rules against the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"IPA server in case the last request did not return any rule."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Default: 900 (15 minutes)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: 60 (minutes)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "Voreinstellung: 900 (15 Minuten)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_hbac_refresh (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ipa_hbac_refresh (Ganzzahl)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The amount of time between lookups of the HBAC rules against the IPA server. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This will reduce the latency and load on the IPA server if there are many "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"access-control requests made in a short period."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"die Zeit zwischen dem Abrufen der HBAC-Regeln beim IPA-Server. Dies wird die "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Wartezeit und Belastung des IPA-Servers verringern, falls dort viele "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Zugriffssteuerungsanfragen in einer kurzen Zeitspanne ankommen."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "ipa_hbac_selinux (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "ipa_hbac_selinux (Ganzzahl)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The amount of time between lookups of the SELinux maps against the IPA "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"server. This will reduce the latency and load on the IPA server if there are "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"many user login requests made in a short period."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"die Zeit zwischen den Abrufen der SELinux-Abbildungen beim IPA-Server. Dies "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"wird die Wartezeit und Belastung des IPA-Servers verringern, falls dort "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"viele Benutzeranmeldeanfragen in einer kurzen Zeitspanne ankommen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_server_mode (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_server_mode (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This option will be set by the IPA installer (ipa-server-install) "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"automatically and denotes if SSSD is running on an IPA server or not."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"On an IPA server SSSD will lookup users and groups from trusted domains "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"directly while on a client it will ask an IPA server."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"NOTE: There are currently some assumptions that must be met when SSSD is "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"running on an IPA server."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"The <quote>ipa_server</quote> option must be configured to point to the IPA "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"server itself. This is already the default set by the IPA installer, so no "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"manual change is required."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"The <quote>full_name_format</quote> option must not be tweaked to only print "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"short names for users from trusted domains."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ipa_automount_location (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ipa_automount_location (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The automounter location this IPA client will be using"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "der Ort des Automounters, den dieser IPA-Client benutzen wird"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: The location named \"default\""
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: der Ort namens »default«"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "VIEWS AND OVERRIDES"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_view_class (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Objectclass of the view container."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: nsContainer"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_view_name (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Name of the attribute holding the name of the view."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "ipa_override_object_class (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Objectclass of the override objects."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: ipaOverrideAnchor"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_anchor_uuid (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Name of the attribute containing the reference to the original object in a "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"remote domain."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: ipaAnchorUUID"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_user_override_object_class (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Name of the objectclass for user overrides. It is used to determine if the "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"found override object is related to a user or a group."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "User overrides can contain attributes given by"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_name"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_uid_number"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_gid_number"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_gecos"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_user_home_directory"
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "ldap_user_shell"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozekmsgid "ldap_user_ssh_public_key"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: ipaUserOverride"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ipa_group_override_object_class (string)"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"Name of the objectclass for group overrides. It is used to determine if the "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"found override object is related to a user or a group."
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Group overrides can contain attributes given by"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_group_name"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "ldap_group_gid_number"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "Default: ipaGroupOverride"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"later version. Since all paths and objectclasses are fixed on the server "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"side there is basically no need to configure anything. For completeness the "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"related options are listed here with their default values. <placeholder "
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek"type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SUBDOMAINS PROVIDER"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ANBIETER VON UNTER-DOMAINS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The IPA subdomains provider behaves slightly differently if it is configured "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"explicitly or implicitly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der Anbieter für IPA-Subdomains verhält sich geringfügig anders, je nachdem, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ob er explizit oder implizit konfiguriert wurde."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If the option 'subdomains_provider = ipa' is found in the domain section of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sssd.conf, the IPA subdomains provider is configured explicitly, and all "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"subdomain requests are sent to the IPA server if necessary."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls die Option »subdomains_provider = ipa« im Domain-Abschnitt der »sssd."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"conf« gefunden wird, wird der IPA-Subdomain-Anbieter explizit konfiguriert "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und alle Subdomain-Anfragen werden, falls nötig, an den IPA-Server gesandt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If the option 'subdomains_provider' is not set in the domain section of sssd."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"conf but there is the option 'id_provider = ipa', the IPA subdomains "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provider is configured implicitly. In this case, if a subdomain request "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"fails and indicates that the server does not support subdomains, i.e. is not "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"configured for trusts, the IPA subdomains provider is disabled. After an "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"hour or after the IPA provider goes online, the subdomains provider is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"enabled again."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls die Option »subdomains_provider« nicht im Domain-Abschnitt der »sssd."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"conf« gesetzt ist, es dort aber die Option »id_provider = ipa« gibt, wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der IPA-Subdomain-Anbieter implizit konfiguriert. In diesem Fall wird der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"IPA-Anbieter deaktiviert, falls eine Subdomain-Anfrage fehlschlägt und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"anzeigt, dass der Server keine Subdomains unterstützt, d.h. nicht zum "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Vertrauen konfiguriert ist. Nach einer Stunde oder nachdem der IPA-Server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"online gegangen ist, wird der Subdomain-Anbieter erneut aktiviert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The following example assumes that SSSD is correctly configured and example."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This examples shows only the ipa provider-specific options."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"example.com eine der im Abschnitt <replaceable>[sssd]</replaceable> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erwähnten Domänen ist. Diese Beispiele zeigen nur die anbieterspezifischen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optionen von IPA."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"id_provider = ipa\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ipa_hostname = myhost.example.com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sssd-ad"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sssd-ad"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "SSSD Active Directory provider"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "SSSD Active-Directory-Anbieter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This manual page describes the configuration of the AD provider for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Handbuchseite beschreibt die Konfiguration des AD-Anbieters für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"</citerefentry>. Eine ausführliche Syntax-Referenz finden Sie im Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»DATEIFORMAT« der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The AD provider is a back end used to connect to an Active Directory server. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This provider requires that the machine be joined to the AD domain and a "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"keytab is available. Back end communication occurs over a GSSAPI-encrypted "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"channel, SSL/TLS options should not be used with the AD provider and will be "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"superseded by Kerberos usage."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The AD provider supports connecting to Active Directory 2008 R2 or later. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Earlier versions may work, but are unsupported."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der AD-Anbieter unterstützt das Verbinden mit Active Directory 2008 R2 oder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"neuer. Frühere Versionen könnten funktionieren, werden aber nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unterstützt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"The AD provider can be used to get user information and authenticate users "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"from trusted domains. Currently only trusted domains in the same forest are "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"recognized. In addition servers from trusted domains are always auto-"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"discovered."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"optimizations for Active Directory environments. The AD provider accepts the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"same options used by the sssd-ldap and sssd-krb5 providers with some "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"exceptions. However, it is neither necessary nor recommended to set these "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The AD provider primarily copies the traditional ldap and krb5 provider "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"default options with some exceptions, the differences are listed in the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"The AD provider can also be used as an access, chpass, sudo and autofs "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"provider. No configuration of the access provider is required on the client "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"configured in sssd.conf then the id_provider must also be set to <quote>ad</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_id_mapping = False\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_id_mapping = False\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "By default, the AD provider will map UID and GID values from the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "objectSID parameter in Active Directory. For details on this, see the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "<quote>ID MAPPING</quote> section below. If you want to disable ID "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "mapping and instead rely on POSIX attributes defined in Active Directory, "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "you should set <placeholder type=\"programlisting\" id=\"0\"/> In order "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "to retrieve users and groups using POSIX attributes from trusted domains, "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "the AD administrator must make sure that the POSIX attributes are "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "replicated to the Global Catalog."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"By default, the AD provider will map UID and GID values from the objectSID "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"parameter in Active Directory. For details on this, see the <quote>ID "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"MAPPING</quote> section below. If you want to disable ID mapping and instead "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"rely on POSIX attributes defined in Active Directory, you should set "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"be used, it is recommended for performance reasons that the attributes are "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"also replicated to the Global Catalog. If POSIX attributes are replicated, "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"SSSD will attempt to locate the domain of a requested numerical ID with the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"help of the Global Catalog and only search that domain. In contrast, if "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"POSIX attributes are not replicated to the Global Catalog, SSSD must search "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"all the domains in the forest sequentially. Please note that the "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<quote>cache_first</quote> option might be also helpful in speeding up "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"domainless searches."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Standardmäßig bildet der Active-Directory-Anbieter die Werte für Benutzer- "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"und Gruppen-ID des objectSID-Parameters in Active Directory ab. Details "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"hierzu finden Sie im nachfolgenden Abschnitt <quote>ID-ABBILDUNG</quote>. "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Falls Sie die ID-Abbildung deaktivieren und stattdessen die in Active "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Directory definierten POSIX-Attribute verwenden wollen, sollten Sie "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/> setzen. Um Benutzer und "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Gruppen von vertrauenswürdigen Domains mittels POSIX-Attributen abfragen zu "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"können, muss der AD-Administrator sicherstellen, dass die POSIX-Attribute im "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Globalen Katalog repliziert werden."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Users, groups and other entities served by SSSD are always treated as case-"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"insensitive in the AD provider for compatibility with Active Directory's "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"LDAP implementation."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Für Benutzer, Gruppen und weitere von SSSD bereitgestellt Einträge wird die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Groß- oder Kleinschreibung nicht beachtet, um die Kompatibilität zur LDAP-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Implementation in Active Directory zu gewährleisten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ad_domain (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ad_domain (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the name of the Active Directory domain. This is optional. If not "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provided, the configuration domain name is used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt den Namen der Active-Directory-Domain an. Dieser ist optional. Ist er "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nicht angegeben, wird der Name der konfigurierten Domain benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For proper operation, this option should be specified as the lower-case "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"version of the long version of the Active Directory domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Damit dies ordentlich funktioniert, sollte diese Option in der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kleingeschriebenen Variante der langen Version der Active-Directory-Domain "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"angegeben werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The short domain name (also known as the NetBIOS or the flat name) is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"autodetected by the SSSD."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der kurze Domain-Name (auch als NetBIOS- oder flacher Name bekannt) wird von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD automatisch ermittelt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozekmsgid "ad_enabled_domains (string)"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"A comma-separated list of enabled Active Directory domains. If provided, "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"SSSD will ignore any domains not listed in this option. If left unset, all "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"domains from the AD forest will be available."
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"ad_enabled_domains = sales.example.com, eng.example.com\n"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"For proper operation, this option must be specified in all lower-case and as "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"the fully qualified domain name of the Active Directory domain. For example: "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"The short domain name (also known as the NetBIOS or the flat name) will be "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"autodetected by SSSD."
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ad_server, ad_backup_server (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ad_server, ad_backup_server (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The comma-separated list of hostnames of the AD servers to which SSSD should "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"connect in order of preference. For more information on failover and server "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"redundancy, see the <quote>FAILOVER</quote> section."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"This is optional if autodiscovery is enabled. For more information on "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Note: Trusted domains will always auto-discover servers even if the primary "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"server is explicitly defined in the ad_server option."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ad_hostname (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ad_hostname (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optional. May be set on machines where the hostname(5) does not reflect the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"fully qualified name used in the Active Directory domain to identify this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optional, kann auf Maschinen, bei denen »hostname(5)« nicht den voll "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"qualifizierten Namen in der Active-Directory-Domain widerspiegelt, benutzt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden, um sie zu identifizieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This field is used to determine the host principal in use in the keytab. It "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"must match the hostname for which the keytab was issued."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dieses Feld wird benutzt, um den in der Keytab benutzten Host Principal zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmen. Er muss dem Rechnernamen entsprechen, für die die Keytab "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ausgegeben wurde."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ad_enable_dns_sites (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ad_enable_dns_sites (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If true and service discovery (see Service Discovery paragraph at the bottom "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of the man page) is enabled, the SSSD will first attempt to discover the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active Directory server to connect to using the Active Directory Site "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Discovery and fall back to the DNS SRV records if no AD site is found. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"DNS SRV configuration, including the discovery domain, is used during site "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"discovery as well."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ist dies »true« und die Dienstsuche aktiviert (siehe den Abschnitt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dienstsuche am Ende der Handbuchseite), dann wird SSSD zuerst versuchen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sich mit dem Active-Directory-Server zu verbinden, um die Active Directory "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Site Discovery zu benutzen und dann auf die DNS-SRV-Datensätze "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zurückgreifen, falls keine AD-Site gefunden wurde. Die DNS-SRV-Konfiguration "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird ebenfalls einschließlich der Domain zur Aufdeckung bei der Site-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Aufdeckung verwendet."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ad_access_filter (string)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ad_access_filter (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This option specifies LDAP access control filter that the user must match in "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"order to be allowed access. Please note that the <quote>access_provider</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"quote> option must be explicitly set to <quote>ad</quote> in order for this "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"option to have an effect."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Diese Option gibt Zugriffskontrollfilter für LDAP an, die auf den Benutzer "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"passen müssen, damit ihm Zugriff gewährt werden kann. Bitte beachten Sie, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"dass die Option <quote>access_provider</quote> explizit auf <quote>ad</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"quote> gesetzt werden muss, damit sie wirksam ist."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The option also supports specifying different filters per domain or forest. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Diese Option unterstützt auch die Angabe verschiedener Filter pro Domain "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"oder Wald. Dieser erweiterte Filter würde bestehen aus: <quote>SCHLÜSSELWORT:"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"NAME:FILTER</quote>. Das Schlüsselwort kann entweder <quote>DOM</quote> oder "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>FOREST</quote> sein oder auch weggelassen werden."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"quote> specifies the domain or subdomain the filter applies to. If the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"domains from the forest specified by <quote>NAME</quote>."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Falls das Schlüsselwort <quote>DOM</quote> ist oder fehlt, dann gibt der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>NAME</quote> die Domain oder Subdomain an, auf die der Filter "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"angewendet werden soll. Ist das Schlüsselwort <quote>FOREST</quote>, dann "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"gilt der Filter für alle angegebenen Domains aus dem Wald, der in "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>NAME</quote> angegeben ist."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Multiple filters can be separated with the <quote>?</quote> character, "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"similarly to how search bases work."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Mehrere Filter können durch Fragezeichen <quote>?</quote> getrennt werden, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"so wie es auch in Suchmaschinen üblich ist."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Nested group membership must be searched for using a special OID "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"example.org: syntax to ensure the parser does not attempt to interpret the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"colon characters associated with the OID. If you do not use this OID then "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"nested group membership will not be resolved. See usage example below and "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"refer here for further information about the OID: <ulink url=\"https://msdn."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"microsoft.com/en-us/library/cc223367.aspx\"> [MS-ADTS] section LDAP "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"extensions</ulink>"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The most specific match is always used. For example, if the option specified "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"filter for a domain the user is a member of and a global filter, the per-"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"domain filter would be applied. If there are more matches with the same "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"specification, the first one is used."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Es wird stets der spezifischste Treffer verwendet. Wenn zum Beispiel in der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"den Filter angebenden Option der Benutzer ein Mitglied ist und es sich um "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"einen globalen Filter handelt, wird der pro-Domain-Filter angewendet. Gibt "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"es mehrere Treffer, die der angeforderten Spezifikation entsprechen, wird "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"der erste verwendet."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"# apply filter on domain called dom1 only:\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"# apply filter on domain called dom2 only:\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"# apply filter on forest called EXAMPLE.COM only:\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"FOREST:EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"# apply filter for a member of a nested group in dom1:\n"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "ad_site (string)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Specify AD site to which client should try to connect. If this option is "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"not provided, the AD site will be auto-discovered."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ad_enable_gc (boolean)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ad_enable_gc (Boolesch)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"By default, the SSSD connects to the Global Catalog first to retrieve users "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"from trusted domains and uses the LDAP port to retrieve group memberships or "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"port of the current AD server."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Standardmäßig verbindet sich SSSD zuerst mit dem Globalen Katalog, um "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Benutzer von vertrauenswürdigen Domains abfragen zu können. Der LDAP-Port "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"wird zum Ermitteln von Gruppenmitgliedschaften oder als Ausweichmöglichkeit "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verwendet. Wenn Sie diese Option deaktivieren, verbindet sich SSSD nur mit "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"dem LDAP-Port des aktuellen Servers."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Please note that disabling Global Catalog support does not disable "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"retrieving users from trusted domains. The SSSD would connect to the LDAP "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"port of trusted domains instead. However, Global Catalog must be used in "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"order to resolve cross-domain group memberships."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Bitte beachten Sie, dass die Deaktivierung der Unterstützung für den "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Globalen Katalog die Abfrage von Benutzern von vertrauenswürdigen Domains "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"nicht deaktiviert. SSSD würde sich stattdessen mit dem LDAP-Port der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"vertrauenswürdigen Domains verbinden. Jedoch muss der Globale Katalog "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verwendet werden, um domainübergreifende Gruppenmitgliedschaften auflösen zu "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "ad_gpo_access_control (string)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "ad_gpo_access_control (Zeichenkette)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This option specifies the operation mode for GPO-based access control "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"functionality: whether it operates in disabled mode, enforcing mode, or "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"permissive mode. Please note that the <quote>access_provider</quote> option "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"must be explicitly set to <quote>ad</quote> in order for this option to have "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Diese Option legt den Operationsmodus für GPO-basierte Zugriffskontrolle "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"fest. Verfügbar sind die Modi »disabled«, »enforcing« und »permissive«. "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Bitte beachten Sie, dass die Option <quote>access_provider</quote> explizit "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"auf <quote>ad</quote> gesetzt werden muss, damit sie wirksam ist."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"GPO-based access control functionality uses GPO policy settings to determine "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"whether or not a particular user is allowed to logon to a particular host."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die GPO-basierte Zugriffskontrolle verwendet gesetzte GPO-Regeln, um zu "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ermitteln, ob sich ein bestimmter Benutzer an einem bestimmten Rechner "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"anmelden darf."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"NOTE: The current version of SSSD does not support host (computer) entries "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"in the GPO 'Security Filtering' list. Only user and group entries are "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"supported. Host entries in the list have no effect."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"NOTE: If the operation mode is set to enforcing, it is possible that users "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"that were previously allowed logon access will now be denied logon access "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"(as dictated by the GPO policy settings). In order to facilitate a smooth "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"transition for administrators, a permissive mode is available that will not "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"enforce the access control rules, but will evaluate them and will output a "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"syslog message if access would have been denied. By examining the logs, "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"administrators can then make the necessary changes before setting the mode "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"to enforcing."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ACHTUNG: Wird der Operationsmodus auf »enforcing« gesetzt, dann ist es "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"möglich, dass Benutzern, denen früher bereits einmal Zugriff gewährt wurde, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ihnen dieser nun verweigert wird (sofern dies von den GPO-Regeln "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"vorgeschrieben wird). Um Administratoren einen weichen Übergang zu "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ermöglichen, ist der Modus »permissive« verfügbar, der die Umsetzung der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Zugriffskontrollregeln nicht erzwingt. Diese werden lediglich ausgewertet "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"und eine Meldung geht an das Systemprotokoll, falls tatsächlich der Zugriff "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verweigert werden würde. Nach dem Untersuchen der Protokolle können "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Administratoren nun die nötigen Änderungen vornehmen, bevor der Modus auf "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"»enforcing« gesetzt wird."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "There are three supported values for this option:"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Für diese Option werden drei Werte unterstützt:"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"disabled: GPO-based access control rules are neither evaluated nor enforced."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"disabled: GPO-basierte Zugriffskontrollregeln werden weder ausgewertet noch "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"deren Anwendung erzwungen."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "enforcing: GPO-based access control rules are evaluated and enforced."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"enforcing: GPO-basierte Zugriffskontrollregeln werden sowohl ausgewertet als "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"auch deren Anwendung erzwungen."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"permissive: GPO-based access control rules are evaluated, but not enforced. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Instead, a syslog message will be emitted indicating that the user would "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"have been denied access if this option's value were set to enforcing."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"permissive: GPO-basierte Zugriffskontrollregeln werden zwar ausgewertet, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"aber deren Anwendung nicht erzwungen. Stattdessen wird eine Meldung an das "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Systemprotokoll ausgelöst, mit dem Inhalt, dass dem Benutzer der Zugriff "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verweigert werden würde, wenn die Option auf »enforcing« gesetzt wäre."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: permissive"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Voreinstellung: permissive"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "Default: enforcing"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_cache_timeout (integer)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The amount of time between lookups of GPO policy files against the AD "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"server. This will reduce the latency and load on the AD server if there are "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"many access-control requests made in a short period."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_interactive (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the InteractiveLogonRight and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"DenyInteractiveLogonRight policy settings."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Allow "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"log on locally\" and \"Deny log on locally\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_interactive = +my_pam_service, -login\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for this logon right (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>login</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#: sssd-ad.5.xml:461 sssd-ad.5.xml:557 sssd-ad.5.xml:603 sssd-ad.5.xml:648
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: the default set of PAM service names includes:"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "login"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "gdm-fingerprint"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "gdm-password"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "gdm-smartcard"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "lightdm"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "unity"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_remote_interactive (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the RemoteInteractiveLogonRight and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"DenyRemoteInteractiveLogonRight policy settings."
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Allow "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"log on through Remote Desktop Services\" and \"Deny log on through Remote "
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek"Desktop Services\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for this logon right (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>sshd</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "cockpit"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_network (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the NetworkLogonRight and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"DenyNetworkLogonRight policy settings."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Access "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"this computer from the network\" and \"Deny access to this computer from the "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_network = +my_pam_service, -ftp\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for this logon right (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>ftp</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "samba"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_batch (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"policy settings."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Allow "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"log on as a batch job\" and \"Deny log on as a batch job\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_batch = +my_pam_service, -crond\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for this logon right (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>crond</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "crond"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_service (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"control is evaluated based on the ServiceLogonRight and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"DenyServiceLogonRight policy settings."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Note: Using the Group Policy Management Editor this value is called \"Allow "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"log on as a service\" and \"Deny log on as a service\"."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_service = +my_pam_service\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add a PAM service name to the default set by using <quote>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"+service_name</quote>. Since the default set is empty, it is not possible "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"to remove a PAM service name from the default set. For example, in order to "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"add a custom pam service name (e.g. <quote>my_pam_service</quote>), you "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"would use the following configuration: <placeholder type=\"programlisting\" "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_permit (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access is "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"always granted, regardless of any GPO Logon Rights."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_permit = +my_pam_service, -sudo\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"It is possible to add another PAM service name to the default set by using "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"the default set by using <quote>-service_name</quote>. For example, in "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"order to replace a default PAM service name for unconditionally permitted "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"access (e.g. <quote>sudo</quote>) with a custom pam service name (e.g. "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>my_pam_service</quote>), you would use the following configuration: "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "polkit-1"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "sudo-i"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "systemd-user"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_map_deny (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"A comma-separated list of PAM service names for which GPO-based access is "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"always denied, regardless of any GPO Logon Rights."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"ad_gpo_map_deny = +my_pam_service\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "ad_gpo_default_right (string)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"This option defines how access control is evaluated for PAM service names "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"that are not explicitly listed in one of the ad_gpo_map_* options. This "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"option can be set in two different manners. First, this option can be set to "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"use a default logon right. For example, if this option is set to "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"'interactive', it means that unmapped PAM service names will be processed "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"settings. Alternatively, this option can be set to either always permit or "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"always deny access for unmapped PAM service names."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Supported values for this option include:"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "interactive"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "remote_interactive"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "network"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "batch"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "service"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "permit"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Default: deny"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ad_maximum_machine_account_password_age (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"SSSD will check once a day if the machine account password is older than the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"given age in days and try to renew it. A value of 0 will disable the renewal "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: 30 days"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ad_machine_account_password_renewal_opts (string)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"This option should only be used to test the machine account renewal task. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The option expects 2 integers separated by a colon (':'). The first integer "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"defines the interval in seconds how often the task is run. The second "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"specifies the initial timeout in seconds before the task is run for the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"first time after startup."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Default: 86400:750 (24h and 15m)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optional. This option tells SSSD to automatically update the Active "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Directory DNS server with the IP address of this client. The update is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"secured using GSS-TSIG. As a consequence, the Active Directory administrator "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"only needs to allow secure updates for the DNS zone. The IP address of the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"AD LDAP connection is used for the updates, if it is not otherwise specified "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"by using the <quote>dyndns_iface</quote> option."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Optional. Diese Option teilt SSSD mit, dass es den Active-Directory-DNS-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Server mit der IP-Adresse dieses Clients aktualisieren soll. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Aktualisierung wird mittels GSS-TSIG abgesichert. Infolgedessen muss der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active-Directory-Verwalter nur sichere Aktualisierungen für die DNS-Zone "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erlauben. Die IP-Adresse der AD-LDAP-Verbindung wird für die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Aktualisierungen verwendet, falls sie nicht anderweitig mittels der Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»dyndns_iface« angegeben wurde."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 3600 (seconds)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 3600 (Sekunden)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Default: Use the IP addresses of the interface which is used for AD LDAP "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"How often should the back end perform periodic DNS update in addition to the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"automatic update performed when the back end goes online. This option is "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"optional and applicable only when dyndns_update is true. Note that the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"lowest possible value is 60 seconds in-case if value is provided less than "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"60, parameter will assume lowest value only."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "Default: True"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "Voreinstellung: True"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The following example assumes that SSSD is correctly configured and example."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This example shows only the AD provider-specific options."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert ist und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"example.com auf eine der Domains im Abschnitt <replaceable>[sssd]</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> gesetzt ist. Dieses Beispiel zeigt nur die anbieterspezifischen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optionen von AD."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"id_provider = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auth_provider = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access_provider = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"chpass_provider = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"id_provider = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auth_provider = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access_provider = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"chpass_provider = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access_provider = ldap\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_access_order = expire\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_account_expire_policy = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"access_provider = ldap\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_access_order = expire\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_account_expire_policy = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The AD access control provider checks if the account is expired. It has the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"same effect as the following configuration of the LDAP provider: "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der AD-Zugriffssteuerungsanbieter prüft, ob das Konto erloschen ist. Es hat "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dieselben Auswirkungen wie die folgende Konfiguration des LDAP-Anbieters: "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"However, unless the <quote>ad</quote> access control provider is explicitly "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"configured, the default access provider is <quote>permit</quote>. Please "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"note that if you configure an access provider other than <quote>ad</quote>, "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"you need to set all the connection parameters (such as LDAP URIs and "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"encryption details) manually."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"are included in the default Active Directory schema."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refmeta><refentrytitle>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-sudo.5.xml:10 sssd-sudo.5.xml:16 sssd-session-recording.5.xml:10
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sssd-sudo"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sssd-sudo"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Configuring sudo with the SSSD back end"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Sudo mit dem SSSD-Backend konfigurieren"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This manual page describes how to configure <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Handbuchseite beschreibt, wie <citerefentry> <refentrytitle>sudo</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> konfiguriert wird, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"damit es zusammen mit <citerefentry> <refentrytitle>sssd</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>8</manvolnum> </citerefentry> funktioniert und wie SSSD Sudo-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Regeln zwischenspeichert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Configuring sudo to cooperate with SSSD"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Sudo so konfigurieren, dass es mit SSSD zusammenarbeitet"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Um SSSD als eine Quelle von Sudo-Regeln zu aktivieren, fügen Sie dem Eintrag "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>sudoers</emphasis> in <citerefentry> <refentrytitle>nsswitch.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> <emphasis>sss</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis> hinzu."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For example, to configure sudo to first lookup rules in the standard "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> file (which should contain rules that apply to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"local users) and then in SSSD, the nsswitch.conf file should contain the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"following line:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Um zum Beispiel Sudo so zu konfigurieren, dass es zuerst die Regeln in der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Standarddatei <citerefentry> <refentrytitle>sudoers</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>5</manvolnum> </citerefentry> nachschlägt (diese sollten Regeln "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"umfassen, die für lokale Benutzer gelten) und dann die in SSSD, sollte die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Datei »nsswitch.conf« die folgende Zeile enthalten:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sudoers: files sss\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sudoers: files sss\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"More information about configuring the sudoers search order from the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nsswitch.conf file as well as information about the LDAP schema that is used "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to store sudo rules in the directory can be found in <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Informationen über die Konfiguration der Suchreihenfolge der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»sudoers« aus der Datei »nsswitch.conf« sowie das LDAP-Schema, das zum "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Speichern von Sudo-Regeln im Verzeichnis benutzt wird, können Sie unter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sudoers.ldap</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> finden."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"sudo rules, you also need to correctly set <citerefentry> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"citerefentry> to your NIS domain name (which equals to IPA domain name when "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"using hostgroups)."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>Hinweis</emphasis>: Um Netzgruppen oder IPA-Hostgruppen in sudo-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Regeln verwenden zu können, muss <citerefentry> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"citerefentry> korrekt auf den entsprechenden NIS-Domainnamen gesetzt werden. "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Dieser entspricht dem IPA-Domainnamen, wenn Hostgruppen verwendet werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Configuring SSSD to fetch sudo rules"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "SSSD zum Abrufen von Sudo-Regeln konfigurieren"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"All configuration that is needed on SSSD side is to extend the list of "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Alle auf der SSSD-Seite erforderliche Konfiguration ist die Erweiterung der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Liste der <emphasis>Dienste</emphasis> mit \"sudo\" im Abschnitt [sssd] der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Handbuchseite zu <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>. Um LDAP-Suchvorgänge zu "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"beschleunigen, können Sie auch die Suchbasis für sudo-Regeln mit der Option "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>ldap_sudo_search_base</emphasis> festlegen."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The following example shows how to configure SSSD to download sudo rules "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"from an LDAP server."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das folgende Beispiel zeigt, wie SSSD konfiguriert wird, damit es die Sudo-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Regeln von einem LDAP-Server herunterlädt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"config_file_version = 2\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"services = nss, pam, sudo\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domains = EXAMPLE\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"id_provider = ldap\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sudo_provider = ldap\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_uri = ldap://example.com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"config_file_version = 2\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"services = nss, pam, sudo\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domains = EXAMPLE\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"id_provider = ldap\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sudo_provider = ldap\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_uri = ldap://example.com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/> <phrase condition="
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"\"have_systemd\"> It's important to note that on platforms where systemd is "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"supported there's no need to add the \"sudo\" provider to the list of "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"services, as it became optional. However, sssd-sudo.socket must be enabled "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"instead. </phrase>"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"When SSSD is configured to use IPA as the ID provider, the sudo provider is "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"automatically enabled. The sudo search base is configured to use the IPA "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"$SUFFIX) is no longer required for IPA sudo functionality."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The SUDO rule caching mechanism"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Der Zwischenspeichermechanismus für Sudo-Regeln"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The biggest challenge, when developing sudo support in SSSD, was to ensure "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"that running sudo with SSSD as the data source provides the same user "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"experience and is as fast as sudo but keeps providing the most current set "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of updates. They are referred to as full refresh, smart refresh and rules "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die größte Herausforderung bei der Entwicklung von Sudo-Unterstützung in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD war es, sicherzustellen, dass beim Ausführen von Sudo mit SSSD die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Datenquelle dieselbe Benutzererfahrung bereitstellt und so schnell wie Sudo "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ist, aber weiterhin so viele aktuelle Regelsätze wie möglich bereitstellt. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Um diesen Anforderungen zu genügen, verwendet SSSD drei Arten von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Aktualisierungen. Sie werden als vollständiges Aktualisieren, kluges "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Aktualisieren und Regelaktualisierung bezeichnet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"new or were modified after the last update. Its primary goal is to keep the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"database growing by fetching only small increments that do not generate "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"large amounts of network traffic."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das <emphasis>kluge Aktualisieren</emphasis> lädt periodisch Regeln "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"herunter, die neu sind oder seit der letzten Aktualisierung geändert wurden. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das Hauptziel hierbei ist es, die Datenbank anwachsen zu lassen, indem nur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kleine Erweiterungen abgerufen werden, die keinen großen Netzwerkverkehr "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in the cache and replaces them with all rules that are stored on the server. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This is used to keep the cache consistent by removing every rule which was "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"deleted from the server. However, full refresh may produce a lot of traffic "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"and thus it should be run only occasionally depending on the size and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"stability of the sudo rules."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das <emphasis>vollständige Aktualisieren</emphasis> löscht einfach alle im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zwischenspeicher abgelegten Regeln und ersetzt sie durch die auf dem Server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gespeicherten Regeln. Dies wird benutzt, um den Zwischenspeicher dadurch "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"konsistent zu halten, dass jede von Server gelöschte Regel entfernt wird. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ein vollständiges Aktualisieren kann jedoch eine hohe Last erzeugen und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sollte daher nur gelegentlich abhängig von der Größe und Stabilität der Sudo-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Regeln ausgeführt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"more permission than defined. It is triggered each time the user runs sudo. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Rules refresh will find all rules that apply to this user, check their "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"expiration time and redownload them if expired. In the case that any of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"these rules are missing on the server, the SSSD will do an out of band full "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refresh because more rules (that apply to other users) may have been deleted."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die <emphasis>Regelaktualisierung</emphasis> stellt sicher, dass dem "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzer nicht mehr Rechte als definiert gewährt werden. Es wird jedesmal "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ausgelöst, wenn der Benutzer Sudo ausführt. Regelaktualisierung wird alle "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Regeln suchen, die für diesen Benutzer gelten, ihren Ablaufzeitpunkt prüfen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und sie erneut herunterladen, falls sie erloschen sind. Im Fall, dass "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"irgendwelche der Regeln auf dem Server fehlen, wird SSSD außer der Reihe ein "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"vollständiges Aktualisieren durchführen, da möglicherweise weitere Regeln "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(die für andere Benutzer gelten) gelöscht wurden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If enabled, SSSD will store only rules that can be applied to this machine. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This means rules that contain one of the following values in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>sudoHost</emphasis> attribute:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"SSSD wird, falls aktiviert, nur Regeln speichern, die auf diese Maschine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"angewandt werden können. Das bedeutet, Regeln, die einen der folgenden Werte "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"im Attribut <emphasis>sudoHost</emphasis> enthalten:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "keyword ALL"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Schlüsselwort ALL"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "wildcard"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Platzhalter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "netgroup (in the form \"+netgroup\")"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Netzgruppe (in der Form »+Netzgruppe«)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "hostname or fully qualified domain name of this machine"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Rechnername oder voll qualifizierter Domain-Namen dieser Maschine"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "one of the IP addresses of this machine"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "eine der IP-Adressen dieser Maschine"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "one of the IP addresses of the network (in the form \"address/mask\")"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "eine der IP-Adressen des Netzwerks (in der Form »Adresse/Maske«)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"There are many configuration options that can be used to adjust the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Es gibt viele Konfigurationsoptionen, die benutzt werden können, um das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verhalten anzupassen. Bitte lesen Sie »ldap_sudo_*« in <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> und \"sudo_*\" in <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "System Security Services Daemon"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "System Security Services Daemon (Systemsicherheitsdienst-Daemon)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sssd</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>SSSD</command> provides a set of daemons to manage access to remote "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"directories and authentication mechanisms. It provides an NSS and PAM "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"interface toward the system and a pluggable backend system to connect to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"multiple different account sources as well as D-Bus interface. It is also "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the basis to provide client auditing and policy services for projects like "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"FreeIPA. It provides a more robust database to store local users as well as "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"extended user data."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>SSSD</command> stellt einen Satz Daemons bereit, um den Zugriff auf "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ferne Verzeichnisse und Authentifizierungsmechanismen zu verwalten. Es "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bietet eine NSS- und PAM-Schnittstelle zum System und ein erweiterbares "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Backend-System zum Verbinden mit mehreren unterschiedlichen Kontenquellen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sowie der D-Bus-Schnittstelle. Es bildet außerdem die Grundlage für das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bereitstellen von Client-Überprüfungen und Richtliniendiensten für Projekte "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wie FreeIPA. Es stellt eine robustere Datenbank bereit, um lokale Benutzer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sowie erweiterte Benutzerdaten zu speichern."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-d</option>,<option>--debug-level</option> <replaceable>STUFE</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>--debug-timestamps=</option><replaceable>Modus</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>1</emphasis>: Den Debug-Nachrichten wird ein Zeitstempel "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"hinzugefügt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>0</emphasis>: Zeitstempel in Debug-Nachrichten werden deaktiviert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>--debug-microseconds=</option><replaceable>Modus</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>1</emphasis>: Dem Zeitstempel in Debug-Nachrichten werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Millisekunden hinzugefügt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>0</emphasis>: Millisekunden werden in Zeitstempeln deaktiviert"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-f</option>,<option>--debug-to-files</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-f</option>,<option>--debug-to-files</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Send the debug output to files instead of stderr. By default, the log files "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"are stored in <filename>/var/log/sssd</filename> and there are separate log "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"files for every SSSD service and domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sendet die Ausgabe der Fehlersuche in Dateien statt auf die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Standardfehlerausgabe. Standardmäßig werden die Protokolldateien in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<filename>/var/log/sssd</filename> gespeichert. Dort gibt es separate "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Protokolldateien für jeden SSSD-Dienst und jede Domain."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"This option is deprecated. It is replaced by <option>--logger=files</option>."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgid "<option>--logger=</option><replaceable>value</replaceable>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozekmsgstr "<option>--debug-timestamps=</option><replaceable>Modus</replaceable>"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Location where SSSD will send log messages. This option overrides the value "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"of the deprecated option <option>--debug-to-files</option>. The deprecated "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"option will still work if the <option>--logger</option> is not used."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>1</emphasis>: Den Debug-Nachrichten wird ein Zeitstempel "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"hinzugefügt."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "Send the debug output to files instead of stderr. By default, the log "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "files are stored in <filename>/var/log/sssd</filename> and there are "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| "separate log files for every SSSD service and domain."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"default, the log files are stored in <filename>/var/log/sssd</filename> and "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"there are separate log files for every SSSD service and domain."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"sendet die Ausgabe der Fehlersuche in Dateien statt auf die "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Standardfehlerausgabe. Standardmäßig werden die Protokolldateien in "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<filename>/var/log/sssd</filename> gespeichert. Dort gibt es separate "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"Protokolldateien für jeden SSSD-Dienst und jede Domain."
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"<emphasis>1</emphasis>: Den Debug-Nachrichten wird ein Zeitstempel "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"hinzugefügt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-D</option>,<option>--daemon</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-D</option>,<option>--daemon</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Become a daemon after starting up."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "wird nach dem Start ein Daemon."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-i</option>,<option>--interactive</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-i</option>,<option>--interactive</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Run in the foreground, don't become a daemon."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "läuft im Vordergrund und wird kein Daemon."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-c</option>,<option>--config</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-c</option>,<option>--config</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specify a non-default config file. The default is <filename>/etc/sssd/sssd."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"conf</filename>. For reference on the config file syntax and options, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"consult the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>5</manvolnum> </citerefentry> manual page."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt eine Konfigurationsdatei an, die nicht Standard ist. Die Voreinstellung "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ist <filename>/etc/sssd/sssd.conf</filename>. Auskunft über die Syntax und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Optionen der Konfigurationsdatei finden Sie in der Handbuchseite "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>--version</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>--version</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Print version number and exit."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "gibt die Versionsnummer aus und beendet sich."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Signals"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Signale"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informs the SSSD to gracefully terminate all of its child processes and then "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"shut down the monitor."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informiert SSSD, dass es anstandslos alle Kindprozesse beenden und dann das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Überwachungsprogramm herunterfahren soll."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SIGHUP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "SIGHUP"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Tells the SSSD to stop writing to its current debug file descriptors and to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"close and reopen them. This is meant to facilitate log rolling with programs "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"like logrotate."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"teilt SSSD mit, dass es das Schreiben des aktuellen Dateideskriptors zur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Fehlersuche stoppen, ihn schließen und erneut öffnen soll. Dies ist dazu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gedacht, das Rotieren von Protokolldateien mit Programmen wie Logrotate zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erleichtern."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SIGUSR1"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "SIGUSR1"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Tells the SSSD to simulate offline operation for the duration of the "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"signal can be sent to either the sssd process or any sssd_be process "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SIGUSR2"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "SIGUSR2"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Tells the SSSD to go online immediately. This is useful for testing. The "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"signal can be sent to either the sssd process or any sssd_be process "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"applications will not use the fast in memory cache."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Falls die Umgebungsvariable SSS_NSS_USE_MEMCACHE auf »NO« gesetzt ist, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"nutzen Client-Anwendungen den schnellen speicherinternen Zwischenspeicher "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_obfuscate.8.xml:10 sss_obfuscate.8.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_obfuscate"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_obfuscate"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "obfuscate a clear text password"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "verschleiert ein Klartextpasswort"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORT]</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_obfuscate</command> converts a given password into human-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unreadable format and places it into appropriate domain section of the SSSD "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"config file."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_obfuscate</command> wandelt ein angegebenes Passwort in ein von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Menschen nicht lesbares Format um und legt es in einem geeigneten Domain-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abschnitt der SSSD-Konfigurationsdatei ab."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The cleartext password is read from standard input or entered "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"interactively. The obfuscated password is put into "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ldap_default_authtok_type</quote> parameter is set to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more details on these parameters."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das Klartextpasswort wird von der Standardeingabe gelesen oder interaktiv "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eingegeben. Das verschleierte Passwort wird in den Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_default_authtok« einer angegebenen SSSD-Domain abgelegt und der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Parameter »ldap_default_authtok_type« wird auf »obfuscated_password« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gesetzt. Weitere Einzelheiten über diese Parameter finden Sie unter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that obfuscating the password provides <emphasis>no real "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"security benefit</emphasis> as it is still possible for an attacker to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"reverse-engineer the password back. Using better authentication mechanisms "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass das Verschleiern von Passwörtern <emphasis>keinen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wirklichen Sicherheitsgewinn</emphasis> bietet, da es einem Angreifer immer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"noch möglich ist, das Passwort wieder herzuleiten. Es wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>dringend</emphasis> geraten, bessere Authentifizierungsmechanismen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wie Client-seitige Zertifikate oder GSSAPI zu verwenden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-s</option>,<option>--stdin</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-s</option>,<option>--stdin</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The password to obfuscate will be read from standard input."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das Passwort, das verschleiert werden soll, wird von der Standardeingabe "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: sss_obfuscate.8.xml:74 sss_ssh_authorizedkeys.1.xml:70
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The SSSD domain to use the password in. The default name is <quote>default</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die SSSD-Domain, in der das Passwort benutzt wird. Der Standardname ist "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-f</option>,<option>--file</option> <replaceable>DATEI</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Read the config file specified by the positional parameter."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "liest die durch den Positionsparameter angegebene Konfigurationsdatei."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: <filename>/etc/sssd/sssd.conf</filename>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: <filename>/etc/sssd/sssd.conf</filename>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "sss_override"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "create local overrides of user and group attributes"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<command>sss_override</command> enables to create a client-side view and "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"allows to change selected values of specific user and groups. This change "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"takes effect only on local machine."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"local overrides are lost. Please note that after the first override is "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"created using any of the following <emphasis>user-add</emphasis>, "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"take effect. <emphasis>sss_override</emphasis> prints message when a "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"restart is required."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "AVAILABLE COMMANDS"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Argument <emphasis>NAME</emphasis> is the name of original object in all "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"commands. It is not possible to override <emphasis>uid</emphasis> or "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<emphasis>gid</emphasis> to 0."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"optional> <optional><option>-g,--gid</option> GID</optional> "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"CERTIFICATE</optional>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Override attributes of an user. Please be aware that calling this command "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"will replace any previous override for the (NAMEd) user."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>user-del</option> <emphasis>NAME</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Remove user overrides. However be aware that overridden attributes might be "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"returned from memory cache. Please see SSSD option "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<emphasis>memcache_timeout</emphasis> for more details."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"is set, only users from the domain are listed."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<option>user-show</option> <emphasis>NAME</emphasis>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Show user overrides."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>user-import</option> <emphasis>FILE</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"similar to standard passwd file. The format is:"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"where original_name is original name of the user whose attributes should be "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"overridden. The rest of fields correspond to new values. You can omit a "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"value simply by leaving corresponding field empty."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "ckent:superman::::::"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ckent@krypton.com::501:501:Superman:/home/earth:/bin/bash:"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>user-export</option> <emphasis>FILE</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Export all overridden attributes and store them in <emphasis>FILE</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"emphasis>. See <emphasis>user-import</emphasis> for data format."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Override attributes of a group. Please be aware that calling this command "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"will replace any previous override for the (NAMEd) group."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>group-del</option> <emphasis>NAME</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Remove group overrides. However be aware that overridden attributes might be "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"returned from memory cache. Please see SSSD option "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<emphasis>memcache_timeout</emphasis> for more details."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"parameter is set, only groups from the domain are listed."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<option>group-show</option> <emphasis>NAME</emphasis>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Show group overrides."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>group-import</option> <emphasis>FILE</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"similar to standard group file. The format is:"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "original_name:name:gid"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"where original_name is original name of the group whose attributes should be "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"overridden. The rest of fields correspond to new values. You can omit a "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"value simply by leaving corresponding field empty."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "admins:administrators:"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Domain Users:Users:501"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>group-export</option> <emphasis>FILE</emphasis>"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Export all overridden attributes and store them in <emphasis>FILE</"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"emphasis>. See <emphasis>group-import</emphasis> for data format."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "COMMON OPTIONS"
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Those options are available with all commands."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_useradd"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_useradd"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "create a new user"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "erstellt einen neuen Benutzer"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_useradd</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_useradd</command> creates a new user account using the values "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"specified on the command line plus the default values from the system."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_useradd</command> erstellt mittels der auf der Befehlszeile "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"angegebenen Werte sowie der Standardwerte des Systems ein neues "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzerkonto."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"not given, it is chosen automatically."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzt die UID des Benutzers auf den Wert von <replaceable>UID</replaceable>. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wurde der Wert nicht angegeben, wird er automatisch ausgewählt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_useradd.8.xml:55 sss_usermod.8.xml:43 sss_seed.8.xml:100
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-c</option>,<option>--gecos</option> <replaceable>KOMMENTAR</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_useradd.8.xml:60 sss_usermod.8.xml:48 sss_seed.8.xml:105
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Any text string describing the user. Often used as the field for the user's "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"irgendeine Zeichenkette, die den Benutzer beschreibt. Dieses Feld wird oft "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"für den vollständigen Namen des Benutzers verwendet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_useradd.8.xml:67 sss_usermod.8.xml:55 sss_seed.8.xml:112
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-h</option>,<option>--home</option> <replaceable>HOME_VERZ</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The home directory of the user account. The default is to append the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"that as the home directory. The base that is prepended before "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"baseDirectory</quote> setting in sssd.conf."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das Home-Verzeichnis des Benutzerkontos. Standardmäßig wird der Name für die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>ANMELDUNG</replaceable> an <filename>/home</filename> angehängt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und dies dann als Home-Verzeichnis benutzt. Das Basisverzeichnis, das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>ANMELDUNG</replaceable> vorangestellt wird, ist über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Einstellung »user_defaults/baseDirectory« in der »sssd.conf« einstellbar."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_useradd.8.xml:82 sss_usermod.8.xml:66 sss_seed.8.xml:124
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The user's login shell. The default is currently <filename>/bin/bash</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filename>. The default can be changed with <quote>user_defaults/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"defaultShell</quote> setting in sssd.conf."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Anmelde-Shell des Benutzers. Voreinstellung ist derzeit <filename>/bin/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bash</filename>. Die Voreinstellung kann über die Einstellung »user_defaults/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"defaultShell« in der »sssd.conf« geändert werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-G</option>,<option>--groups</option> <replaceable>GRUPPEN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "A list of existing groups this user is also a member of."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "eine Liste existierender Gruppen, denen dieser Benutzer auch angehört"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-m</option>,<option>--create-home</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-m</option>,<option>--create-home</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Create the user's home directory if it does not exist. The files and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"directories contained in the skeleton directory (which can be defined with "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the -k option or in the config file) will be copied to the home directory."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erstellt das Home-Verzeichnis des Benutzers, falls es nicht existiert. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dateien und Verzeichnisse, die in der Verzeichnisvorlage (die mit der Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"-k oder in der Konfigurationsdatei definiert werden kann) enthalten sind, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden in das Home-Verzeichnis kopiert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-M</option>,<option>--no-create-home</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-M</option>,<option>--no-create-home</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Do not create the user's home directory. Overrides configuration settings."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erstellt nicht das Home-Verzeichnis des Benutzers und setzt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfigurationseinstellungen außer Kraft."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-k</option>,<option>--skel</option> <replaceable>SKEL-VERZ</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The skeleton directory, which contains files and directories to be copied in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the user's home directory, when the home directory is created by "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_useradd</command>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Verzeichnisvorlage mit Dateien und Verzeichnissen, die in das durch "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_useradd</command> neu erstellte Home-Verzeichnis des Benutzers "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kopiert werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Special files (block devices, character devices, named pipes and unix "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sockets) will not be copied."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Spezialdateien (block- und zeichenorientierte Geräte, benannte Pipes und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Unix-Sockets) werden nicht kopiert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option is only valid if the <option>-m</option> (or <option>--create-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"home</option>) option is specified, or creation of home directories is set "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"to TRUE in the configuration."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option ist nur gültig, falls die Option <option>-m</option> (oder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>--create-home</option>) angegeben wurde oder das Erstellen von Home-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verzeichnissen in der Konfiguration auf »TRUE« gesetzt ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_useradd.8.xml:156 sss_usermod.8.xml:124
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-Z</option>,<option>--selinux-user</option> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>SELINUX_USER</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-Z</option>,<option>--selinux-user</option> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>SELINUX_BENUTZER</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The SELinux user for the user's login. If not specified, the system default "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"will be used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der SELinux-Benutzer für die Anmeldung des Benutzers. Ist er nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"angegeben, wird die Voreinstellung des Systems benutzt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sssd-krb5"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sssd-krb5"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "SSSD Kerberos provider"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "SSSD Kerberos-Anbieter"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This manual page describes the configuration of the Kerberos 5 "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"authentication backend for <citerefentry> <refentrytitle>sssd</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> manual page."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Handbuchseite beschreibt die Konfiguration des Authentifizierungs-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Backends Kerberos 5 für <citerefentry> <refentrytitle>sssd</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche Syntax-Referenz "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The Kerberos 5 authentication backend contains auth and chpass providers. It "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"must be paired with an identity provider in order to function properly (for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"example, id_provider = ldap). Some information required by the Kerberos 5 "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"authentication backend must be provided by the identity provider, such as "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the user's Kerberos Principal Name (UPN). The configuration of the identity "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"provider should have an entry to specify the UPN. Please refer to the man "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"page for the applicable identity provider for details on how to configure "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das Authentifizierungs-Backend Kerberos 5 enthält Authentifizierungs- und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Chpass-Anbieter. Es muss mit einem Identitätsanbieter verbunden werden, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"damit es sauber läuft (zum Beispiel »id_provider = ldap«). Einige vom "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Kerberos-5-Authentifizierungs-Backend benötigten Informationen wie der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»Kerberos Principal Name« (UPN) des Benutzers müssen durch den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Identitätsanbieter bereitgestellt werden. Die Konfiguration des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Identitätsanbieters sollte einen Eintrag haben, der den UPN angibt. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Einzelheiten, wie dies konfiguriert wird, finden Sie in der Handbuchseite "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"des entsprechenden Identitätsanbieters."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This backend also provides access control based on the .k5login file in the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that an empty .k5login file will deny all access to this user. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"To activate this feature, use 'access_provider = krb5' in your SSSD "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"configuration."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dieses Backend stellt ebenso eine Zugriffssteuerung bereit, die auf der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Datei .k5login im Home-Verzeichnis des Benutzers basiert. Weitere "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Einzelheiten finden Sie unter <citerefentry> <refentrytitle>.k5login</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>5</manvolnum> </citerefentry>. Bitte beachten Sie, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dass eine leere .k5login-Datei jegliche Zugriffe durch diesen Benutzer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verbietet. Verwenden Sie »access_provider = krb5« in Ihrer SSSD-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration, um diese Funktionalität zu aktivieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In the case where the UPN is not available in the identity backend, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sssd</command> will construct a UPN using the format "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Im Fall, dass UPN nicht im Identitäts-Backend verfügbar ist, wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sssd</command> mittels des Formats <replaceable>Benutzername</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>@<replaceable>Krb5_Realm</replaceable> einen UPN konstruieren."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the comma-separated list of IP addresses or hostnames of the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Kerberos servers to which SSSD should connect, in the order of preference. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For more information on failover and server redundancy, see the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"colon) may be appended to the addresses or hostnames. If empty, service "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"discovery is enabled; for more information, refer to the <quote>SERVICE "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"DISCOVERY</quote> section."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"gibt eine durch Kommata getrennte Liste von IP-Adressen oder Rechnernamen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"der Kerberos-Server in der Reihenfolge an, in der sich SSSD mit ihnen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verbinden soll. Weitere Informationen über Ausfallsicherung und Redundanz "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"finden Sie im Abschnitt »AUSFALLSICHERUNG«. An die Adressen oder "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Rechnernamen kann eine optionale Portnummer (der ein Doppelpunkt "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"vorangestellt ist) angehängt werden. Falls dies leer gelassen wurde, wird "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"die Dienstsuche aktiviert. Weitere Informationen finden Sie im Abschnitt "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"»DIENSTSUCHE«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The name of the Kerberos realm. This option is required and must be "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Name des Kerberos-Realms. Diese Option wird benötigt und muss angegeben "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_kpasswd, krb5_backup_kpasswd (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If the change password service is not running on the KDC, alternative "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"servers can be defined here. An optional port number (preceded by a colon) "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"may be appended to the addresses or hostnames."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls der Dienst zum Ändern von Passwörtern auf der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Schlüsselverwaltungszentrale (KDC) nicht läuft, können hier alternative "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Server definiert werden. An die Adressen oder Rechnernamen kann eine "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"optionale Portnummer (der ein Doppelpunkt vorangestellt ist) angehängt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For more information on failover and server redundancy, see the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"servers to try, the backend is not switched to operate offline if "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"authentication against the KDC is still possible."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Informationen über Ausfallsicherung und Redundanz finden Sie im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abschnitt »AUSFALLSICHERUNG«. HINWEIS: Selbst wenn es keine weiteren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»kpasswd«-Server mehr auszuprobieren gibt, wird das Backend nicht offline "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gehen, da eine Authentifizierung gegen die Schlüsselverwaltungszentrale "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(KDC) immer noch möglich ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: Use the KDC"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: KDC benutzen"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_ccachedir (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_ccachedir (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Directory to store credential caches. All the substitution sequences of "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"krb5_ccname_template can be used here, too, except %d and %P. The directory "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"is created as private and owned by the user, with permissions set to 0700."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Das Verzeichnis zum Ablegen von Anmeldedaten-Zwischenspeichern. Alle "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Ersetzungssequenzen von krb5_ccname_template können hier auch verwendet "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"werden, außer %d und %P. Das Verzeichnis wird als privat angelegt und ist "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Eigentum des Benutzers. Die Zugriffsrechte werden auf 0700 gesetzt."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: /tmp"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: /tmp"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_ccname_template (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_ccname_template (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-krb5.5.xml:165 include/override_homedir.xml:11
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-krb5.5.xml:166 include/override_homedir.xml:12
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "login name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Anmeldename"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-krb5.5.xml:169 include/override_homedir.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "login UID"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Anmelde-UID"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "principal name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Principal-Name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "realm name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Realm-Name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "home directory"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "Home-Verzeichnis"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: sssd-krb5.5.xml:187 include/override_homedir.xml:19
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "value of krb5_ccachedir"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Wert von krb5_ccachedir"
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#: sssd-krb5.5.xml:193 include/override_homedir.xml:31
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "the process ID of the SSSD client"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "die Prozess-ID des SSSD-Clients"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#: sssd-krb5.5.xml:199 include/override_homedir.xml:49
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#: sssd-krb5.5.xml:200 include/override_homedir.xml:50
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "a literal '%'"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ein buchstäbliches »%«"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Location of the user's credential cache. Three credential cache types are "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>KEYRING:persistent</quote>. The cache can be specified either as "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"implies the <quote>FILE</quote> type. In the template, the following "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"filename in a safe way."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Der Ort für die Zwischenspeicherung der Anmeldedaten des Benutzers. Drei "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Zwischenspeichertypen werden derzeit unterstützt: <quote>FILE</quote>, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>DIR</quote> und <quote>KEYRING:persistent</quote>. Der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Zwischenspeicher kann entweder als <replaceable>TYP:REST</replaceable> oder "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"als absoluter Pfad angegeben werden, wobei Letzteres den Typ <quote>FILE</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"quote> beinhaltet. In der Schablone werden die folgenden Sequenzen ersetzt: "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/> Falls die Vorlage mit »XXXXXX« "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"endet, wird mkstemp(3) verwendet, um auf sichere Weise einen eindeutigen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Dateinamen zu erzeugen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"persistent:%U</quote>, which uses the Linux kernel keyring to store "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"credentials on a per-UID basis. This is also the recommended choice, as it "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"is the most secure and predictable method."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Wenn der KEYRING-Typ verwendet wird, ist <quote>KEYRING:persistent:%U</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"quote> der einzige unterstützte Mechanismus. Hierfür wird der Schlüsselbund "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"des Linux-Kernels zum Speichern der Anmeldedaten getrennt nach Benutzer-IDs "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verwendet. Dies wird auch empfohlen, da es die sicherste und "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"vorausberechenbarste Methode ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The default value for the credential cache name is sourced from the profile "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"stored in the system wide krb5.conf configuration file in the [libdefaults] "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"section. The option name is default_ccache_name. See krb5.conf(5)'s "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"PARAMETER EXPANSION paragraph for additional information on the expansion "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"format defined by krb5.conf."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Der Vorgabewert für den Anmeldedaten-Zwischenspeicher wird aus dem im "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Abschnitt [libdefaults] der Datei krb5.conf enthaltenen Profil der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"systemweiten Konfiguration bezogen. Der Name der Option ist "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"default_ccache_name. Im Abschnitt PARAMETER EXPANSION der Handbuchseite zu "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"krb5.conf(5) finden Sie zusätzliche Informationen zu dem in krb5.conf "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"definierten Format."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"NOTE: Please be aware that libkrb5 ccache expansion template from "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<citerefentry> <refentrytitle>krb5.conf</refentrytitle> <manvolnum>5</"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"manvolnum> </citerefentry> uses different expansion sequences than SSSD."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: (from libkrb5)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Voreinstellung: (aus libkrb5)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_auth_timeout (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_auth_timeout (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Timeout in seconds after an online authentication request or change password "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"request is aborted. If possible, the authentication request is continued "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Zeitüberschreitung in Sekunden, nach der eine Online-Anfrage zur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Authentifizierung oder Passwortänderung gescheitert ist. Falls möglich, wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Authentifizierung offline fortgesetzt."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_validate (boolean)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "krb5_validate (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verify with the help of krb5_keytab that the TGT obtained has not been "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"spoofed. The keytab is checked for entries sequentially, and the first entry "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"with a matching realm is used for validation. If no entry matches the realm, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the last entry in the keytab is used. This process can be used to validate "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"environments using cross-realm trust by placing the appropriate keytab entry "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"as the last entry or the only entry in the keytab file."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"prüft mit Hilfe von »krb5_keytab«, ob das erhaltene TGT keine Täuschung ist. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Einträge der Keytab werden der Reihe nach kontrolliert und der erste "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Eintrag mit einem passenden Realm wird für die Überprüfung benutzt. Falls "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"keine Einträge dem Realm entsprechen, wird der letzte Eintrag der Keytab "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verwendet. Dieser Prozess kann zur Überprüfung von Umgebungen mittels Realm-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"übergreifendem Vertrauen benutzt werden, indem der dazugehörige Keytab-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Eintrag als letzter oder einziger Eintrag in der Keytab-Datei abgelegt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_keytab (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_keytab (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The location of the keytab to use when validating credentials obtained from "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Speicherort der Keytab, der bei der Überprüfung von Berechtigungen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt wird, die von Schlüsselverwaltungszentralen (KDCs) stammen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: /etc/krb5.keytab"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_store_password_if_offline (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_store_password_if_offline (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Store the password of the user if the provider is offline and use it to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"request a TGT when the provider comes online again."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"speichert das Passwort des Benutzers, falls der Anbieter offline ist, und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt es zur Abfrage des TGTs, wenn der Anbieter wieder online geht."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: this feature is only available on Linux. Passwords stored in this way "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"are kept in plaintext in the kernel keyring and are potentially accessible "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"by the root user (with difficulty)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Diese Funktionalität ist nur auf Linux verfügbar. Passwörter, die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auf diese Weise gespeichert wurden, werden im Klartext im Schlüsselbund des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Kernels aufbewahrt. Darauf kann unter Umständen (mit Mühe) durch den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzer Root zugegriffen werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_renewable_lifetime (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_renewable_lifetime (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Request a renewable ticket with a total lifetime, given as an integer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"immediately followed by a time unit:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"fordert ein erneuerbares Ticket mit einer Gesamtlebensdauer an. Es wird als "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ganzzahl, der direkt eine Zeiteinheit folgt, angegeben:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#: sssd-krb5.5.xml:314 sssd-krb5.5.xml:348 sssd-krb5.5.xml:385
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>s</emphasis> for seconds"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>s</emphasis> für Sekunden"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#: sssd-krb5.5.xml:317 sssd-krb5.5.xml:351 sssd-krb5.5.xml:388
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>m</emphasis> for minutes"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>m</emphasis> für Minuten"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#: sssd-krb5.5.xml:320 sssd-krb5.5.xml:354 sssd-krb5.5.xml:391
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>h</emphasis> for hours"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>h</emphasis> für Stunden"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#: sssd-krb5.5.xml:323 sssd-krb5.5.xml:357 sssd-krb5.5.xml:394
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<emphasis>d</emphasis> for days."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<emphasis>d</emphasis> für Tage"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls keine Einheit angegeben ist, wird <emphasis>s</emphasis> angenommen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"and a half hours, use '90m' instead of '1h30m'."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die erneuerbare "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Lebensdauer auf eineinhalb Stunden zu setzen, verwenden Sie »90m« statt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: not set, i.e. the TGT is not renewable"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nicht gesetzt, d.h. das TGT ist nicht erneuerbar."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_lifetime (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_lifetime (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Request ticket with a lifetime, given as an integer immediately followed by "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"a time unit:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anforderungsticket mit einer Lebensdauer, angegeben als Ganzzahl, der direkt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eine Zeiteinheit folgt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "If there is no unit given <emphasis>s</emphasis> is assumed."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls keine Einheit angegeben ist, wird <emphasis>s</emphasis> angenommen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: It is not possible to mix units. To set the lifetime to one and a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"half hours please use '90m' instead of '1h30m'."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Es ist nicht möglich, Einheiten zu mixen. Um die Lebensdauer auf "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eineinhalb Stunden zu setzen, verwenden Sie »90m« statt »1h30m«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Default: not set, i.e. the default ticket lifetime configured on the KDC."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Voreinstellung: nicht gesetzt, d.h. die Standardlebenszeit des Tickets auf "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Schlüsselverwaltungszentrale (KDC)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_renew_interval (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_renew_interval (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The time in seconds between two checks if the TGT should be renewed. TGTs "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"are renewed if about half of their lifetime is exceeded, given as an integer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"immediately followed by a time unit:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"die Zeit in Sekunden zwischen zwei Prüfungen, ob das TGT erneuert werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"soll. TGTs werden erneuert, wenn ungefähr die Hälfte ihrer Lebensdauer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"überschritten ist. Sie wird als Ganzzahl, der unmittelbar eine Zeiteinheit "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"folgt, angegeben:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "If this option is not set or is 0 the automatic renewal is disabled."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Falls diese Option nicht oder auf 0 gesetzt ist, wird die automatische "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Erneuerung deaktiviert."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_use_fast (string)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "krb5_use_fast (Zeichenkette)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"authentication. The following options are supported:"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Schaltet das flexible Authentifizierungs-Sicherheits-Tunneln (FAST) für die "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Vorauthentifizierung von Kerberos ein. Die folgenden Optionen werden "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"unterstützt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"option at all."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>never</emphasis>: FAST wird nie benutzt. Dies ist so, als ob diese "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Einstellung gar nicht gemacht würde."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"continue the authentication without it."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>try</emphasis>: Es wird versucht, FAST zu benutzen. Falls der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Server kein FAST unterstützt, fährt die Authentifizierung ohne fort."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"server does not require fast."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"<emphasis>demand</emphasis>: Fragt nach, ob FAST benutzt werden soll. Die "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Authentifizierung schlägt fehl, falls der Server kein FAST erfordert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: not set, i.e. FAST is not used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: nicht gesetzt, d.h. FAST wird nicht benutzt"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "NOTE: a keytab is required to use FAST."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "HINWEIS: Zur Benutzung von FAST ist eine Keytab erforderlich."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"SSSD is used with an older version of MIT Kerberos, using this option is a "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"configuration error."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"HINWEIS: SSSD unterstützt FAST nur mit MIT-Kerberos-Version 1.8 und neuer. "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Falls SSSD mit einer älteren Version von MIT-Kerberos benutzt wird, ist die "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Verwendung dieser Option ein Konfigurationsfehler."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "krb5_fast_principal (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "krb5_fast_principal (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specifies the server principal to use for FAST."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "gibt den Server-Principal zur Benutzung von FAST an."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies if the host and user principal should be canonicalized. This "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"feature is available with MIT Kerberos 1.7 and later versions."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"gibt an, ob der Rechner und User-Principal in die kanonische Form gebracht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden sollen. Diese Funktionalität ist mit MIT-Kerberos 1.7 und neueren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Versionen verfügbar."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_use_enterprise_principal (boolean)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgstr "krb5_use_enterprise_principal (Boolesch)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Specifies if the user principal should be treated as enterprise principal. "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"See section 5 of RFC 6806 for more details about enterprise principals."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"gibt an, ob der User Principal als Enterprise Principal betrachtet werden "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"soll. Weitere Informationen über Enterprise Principals finden Sie in "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Abschnitt 5 von RFC 6806."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: false (AD provider: true)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Voreinstellung: falsch (AD-Anbieter: wahr)"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"The IPA provider will set to option to 'true' if it detects that the server "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"is capable of handling enterprise principals and the option is not set "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"explicitly in the config file."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozekmsgid "krb5_map_user (string)"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"The list of mappings is given as a comma-separated list of pairs "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"name and <quote>primary</quote> is a user part of a kerberos principal. This "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"mapping is used when user is authenticating using <quote>auth_provider = "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5</quote>."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5_realm = REALM\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5_map_user = joe:juser,dick:richard\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If the auth-module krb5 is used in an SSSD domain, the following options "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"must be used. See the <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls das Authentifizierungsmodul Krb5 in einer SSSD-Domain benutzt wird, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"müssen die folgenden Optionen verwendet werden. Einzelheiten über die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration einer SSSD-Domain finden Sie im Abschnitt »DOMAIN-ABSCHNITTE« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Handbuchseite <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>5</manvolnum> </citerefentry>. <placeholder type=\"variablelist\" "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The following example assumes that SSSD is correctly configured and FOO is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"example shows only configuration of Kerberos authentication; it does not "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"include any identity provider."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Das folgende Beispiel geht davon aus, dass SSSD korrekt konfiguriert wurde "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und FOO eine der Domains im Abschnitt <replaceable>[sssd]</replaceable> ist. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dieses Beispiel zeigt nur die Authentifizierung mit Kerberos, sie umfasst "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"keine Identitätsanbieter."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"auth_provider = krb5\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5_server = 192.168.1.1\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"krb5_realm = EXAMPLE.COM\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_groupadd.8.xml:10 sss_groupadd.8.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_groupadd"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_groupadd"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "create a new group"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "erstellt eine neue Gruppe"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupadd</command> creates a new group. These groups are "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"compatible with POSIX groups, with the additional feature that they can "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"contain other groups as members."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupadd</command> erstellt eine neue Gruppe. Diese Gruppen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sind kompatibel mit POSIX-Gruppen mit der zusätzlichen Funktionalität, dass "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sie andere Gruppen als Mitglieder enthalten können."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"not given, it is chosen automatically."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzt die GID der Gruppe auf den Wert von <replaceable>GID</replaceable>. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wurde der Wert nicht angegeben, wird er automatisch ausgewählt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_userdel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_userdel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "delete a user account"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "löscht ein Benutzerkonto"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_userdel</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_userdel</command> deletes a user identified by login name "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>LOGIN</replaceable> from the system."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_userdel</command> löscht einen Benutzer, der durch den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anmeldenamen <replaceable>ANMELDUNG</replaceable> vom System erkannt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-r</option>,<option>--remove</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-r</option>,<option>--remove</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Files in the user's home directory will be removed along with the home "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"directory itself and the user's mail spool. Overrides the configuration."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dateien im Home-Verzeichnis des Benutzers werden zusammen mit dem Home-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verzeichnis selbst und der Mail-Warteschlange des Benutzers entfernt. Dies "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzt die Konfiguration außer Kraft."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-R</option>,<option>--no-remove</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-R</option>,<option>--no-remove</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Files in the user's home directory will NOT be removed along with the home "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"directory itself and the user's mail spool. Overrides the configuration."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Dateien im Home-Verzeichnis des Benutzers werden NICHT zusammen mit dem Home-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verzeichnis selbst und der Mail-Warteschlange des Benutzers entfernt. Dies "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzt die Konfiguration außer Kraft."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-f</option>,<option>--force</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-f</option>,<option>--force</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"This option forces <command>sss_userdel</command> to remove the user's home "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"directory and mail spool, even if they are not owned by the specified user."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Diese Option erzwingt, dass <command>sss_userdel</command> das Home-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verzeichnis des Benutzers und die Mail-Warteschlange sogar dann entfernt, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wenn sie dem angegebenen Nutzer nicht gehören."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-k</option>,<option>--kick</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-k</option>,<option>--kick</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Before actually deleting the user, terminate all his processes."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beendet, bevor der Benutzer tatsächlich gelöscht wird, alle seine Prozesse."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_groupdel.8.xml:10 sss_groupdel.8.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_groupdel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_groupdel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "delete a group"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "löscht eine Gruppe"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupdel</command> deletes a group identified by its name "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>GROUP</replaceable> from the system."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupdel</command> löscht eine Gruppe namens "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>GRUPPE</replaceable> vom System."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_groupshow.8.xml:10 sss_groupshow.8.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_groupshow"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_groupshow"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "print properties of a group"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "gibt die Eigenschaften einer Gruppe aus."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>GRUPPE</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupshow</command> displays information about a group "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"identified by its name <replaceable>GROUP</replaceable>. The information "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"includes the group ID number, members of the group and the parent group."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_groupshow</command> zeigt Informationen über eine Gruppe namens "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>GRUPPE</replaceable> an. Die Informationen umfassen die Gruppen-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ID-Nummer, Mitglieder der Gruppe, sowie die übergeordnete Gruppe."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-R</option>,<option>--recursive</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-R</option>,<option>--recursive</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Also print indirect group members in a tree-like hierarchy. Note that this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"also affects printing parent groups - without <option>R</option>, only the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"direct parent will be printed."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibtt auch indirekte Gruppenmitglieder in einer baumartigen Hierarchie aus. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beachten Sie, dass dies auch die Ausgabe der übergeordneten Gruppen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beeinflusst – ohne <option>R</option> werden nur die unmittelbar "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"übergeordneten Gruppen ausgegeben."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_usermod"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_usermod"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "modify a user account"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ändert ein Benutzerkonto"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_usermod</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>ANMELDUNG</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_usermod</command> modifies the account specified by "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"on the command line."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_usermod</command> ändert das durch <replaceable>ANMELDUNG</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> angegebene Konto, damit es die auf der Befehlszeile angegebenen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Änderungen widerzuspiegelt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The home directory of the user account."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das Home-Verzeichnis des Benutzerkontos"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The user's login shell."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "die Anmelde-Shell des Benutzers"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Append this user to groups specified by the <replaceable>GROUPS</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"a comma separated list of group names."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"hängt diesen Benutzer an die Gruppen an, die durch den Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>GRUPPEN</replaceable> angegeben werden. Der Parameter "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<replaceable>GRUPPEN</replaceable> ist eine durch Kommata getrennte Liste "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"von Gruppennamen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Remove this user from groups specified by the <replaceable>GROUPS</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> parameter."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"entfernt diesen Benutzer aus Gruppen, die durch den Parameter "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>GRUPPEN</replaceable> angegeben werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-l</option>,<option>--lock</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-l</option>,<option>--lock</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Lock the user account. The user won't be able to log in."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sperrt das Benutzerkonto. Der Benutzer wird sich nicht anmelden können."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-u</option>,<option>--unlock</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-u</option>,<option>--unlock</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Unlock the user account."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgstr "entsperrt das Benutzerkonto."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The SELinux user for the user's login."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "der SELinux-Benutzer für die Anmeldung des Anwenders"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "<option>--addattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "Add an attribute/value pair. The format is attrname=value."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Ein Attribut/Wert-Paar hinzufügen. Das Format ist Attributname=Wert."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "<option>--setattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"Set an attribute to a name/value pair. The format is attrname=value. For "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"multi-valued attributes, the command replaces the values already present"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Ein Attribut auf ein Name/Wert-Paar setzen. Das Format ist "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Attributname=Wert. Bei Attributen mit mehreren Werten ersetzt der Befehl die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"bereits vorhandenen Werte."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "<option>--delattr</option> <replaceable>ATTR_NAME_WERT</replaceable>"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "Delete an attribute/value pair. The format is attrname=value."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Ein Attribut/Wert-Paar löschen. Das Format ist Attributname=Wert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_cache"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_cache"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "perform cache cleanup"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "führt eine Bereinigung des Zwischenspeichers durch."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_cache</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"records are forced to be reloaded from server as soon as related SSSD "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"backend is online. Options that invalidate a single object only accept a "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"single provided argument."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-E</option>,<option>--everything</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-E</option>,<option>--everything</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "Invalidate all cached entries."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-u</option>,<option>--user</option> <replaceable>Anmeldung</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Invalidate specific user."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "annulliert einen bestimmten Benutzer."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-U</option>,<option>--users</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-U</option>,<option>--users</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Invalidate all user records. This option overrides invalidation of specific "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"user if it was also set."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"annulliert alle Benutzerdatensätze. Diese Option setzt das Annullieren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmter Benutzer außer Kraft, falls es ebenfalls gesetzt war."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-g</option>,<option>--group</option> <replaceable>Gruppe</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Invalidate specific group."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "annulliert eine bestimmte Gruppe."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-G</option>,<option>--groups</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-G</option>,<option>--groups</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Invalidate all group records. This option overrides invalidation of specific "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"group if it was also set."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"annulliert alle Gruppendatensätze. Diese Option setzt das Annullieren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmter Gruppen außer Kraft, falls es ebenfalls gesetzt war."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-n</option>,<option>--netgroup</option> <replaceable>Netzgruppe</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Invalidate specific netgroup."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "annulliert eine bestimmte Netzgruppe."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-N</option>,<option>--netgroups</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-N</option>,<option>--netgroups</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Invalidate all netgroup records. This option overrides invalidation of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"specific netgroup if it was also set."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"annulliert alle Netzgruppendatensätze. Diese Option setzt das Annullieren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmter Netzgruppen außer Kraft, falls es ebenfalls gesetzt war."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-s</option>,<option>--service</option> <replaceable>service</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-s</option>,<option>--service</option> <replaceable>Dienst</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Invalidate specific service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "annulliert einen bestimmten Dienst."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-S</option>,<option>--services</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-S</option>,<option>--services</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Invalidate all service records. This option overrides invalidation of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"specific service if it was also set."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"annulliert alle Dienstdatensätze. Diese Option setzt das Annullieren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmter Dienste außer Kraft, falls es ebenfalls gesetzt war."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-a</option>,<option>--autofs-map</option> <replaceable>Autofs-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abbildung</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Invalidate specific autofs maps."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "annulliert eine bestimmte Autofs-Abbildung."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-A</option>,<option>--autofs-maps</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-A</option>,<option>--autofs-maps</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Invalidate all autofs maps. This option overrides invalidation of specific "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"map if it was also set."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"annulliert alle Autofs-Abbildungen. Diese Option setzt das Annullieren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bestimmter Abbildungen außer Kraft, falls es ebenfalls gesetzt war."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"replaceable>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Invalidate SSH public keys of a specific host."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "<option>-H</option>,<option>--ssh-hosts</option>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Invalidate SSH public keys of all hosts. This option overrides invalidation "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"of SSH public keys of specific host if it was also set."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"replaceable>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "Invalidate particular sudo rule."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "<option>-R</option>,<option>--sudo-rules</option>"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Invalidate all cached sudo rules. This option overrides invalidation of "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"specific sudo rule if it was also set."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-d</option>,<option>--domain</option> <replaceable>Domain</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Restrict invalidation process only to a particular domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "begrenzt den Annullierungsprozess auf eine bestimmte Domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_debuglevel.8.xml:10 sss_debuglevel.8.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_debuglevel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_debuglevel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "change debug level while SSSD is running"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "[DEPRECATED] change debug level while SSSD is running"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ändert die Debug-Stufe, während SSSD ausgeführt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'><replaceable>NEUE_DEBUG_STUFE</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"debug-level command. Please refer to the <command>sssctl</command> man page "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"for more information on sssctl usage."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_seed"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_seed"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "seed the SSSD cache with a user"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "füllt den SSSD-Zwischenspeicher mit einem Benutzer"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_seed</command> <arg choice='opt'> <replaceable>Optionen</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg> <arg choice='plain'>-n <replaceable>BENUTZER</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"temporary password. If a user entry is already present in the SSSD cache "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"then the entry is updated with the temporary password."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_seed</command> füllt den SSSD-Zwischenspeicher mit einem "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzereintrag und einem temporären Passwort. Falls bereits ein "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzereintrag im SSSD-Zwischenspeicher vorhanden ist, wird der Eintrag mit "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dem temporären Passwort aktualisiert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Provide the name of the domain in which the user is a member of. The domain "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"is also used to retrieve user information. The domain must be configured in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Information retrieved from the domain overrides what is provided in the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"stellt den Namen der Doamin bereit, in der der Benutzer Mitglied ist. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Domain wird auch zur Abfrage von Benutzerinformationen verwendet. Sie muss "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in der »sssd.conf« konfiguriert sein. Die Option <replaceable>DOMAIN</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable> muss bereitgestellt werden. Von der Domain geholte "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Informationen setzen das, was in den Optionen bereitgestellt wurde, außer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-n</option>,<option>--username</option> <replaceable>USER</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-n</option>,<option>--username</option> <replaceable>BENUTZER</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The username of the entry to be created or modified in the cache. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>USER</replaceable> option must be provided."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Benutzername des Eintrags, der im Zwischenspeicher erstellt oder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verändert werden soll. Die Option <replaceable>BENUTZER</replaceable> muss "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bereitgestellt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Set the UID of the user to <replaceable>UID</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "setzt die UID des Benutzers auf <replaceable>UID</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Set the GID of the user to <replaceable>GID</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "setzt die GID des Benutzers auf <replaceable>GID</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzt das Home-Verzeichnis des Benutzers auf <replaceable>HOME_VERZ</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzt die Anmelde-Shell des Benutzers auf <replaceable>SHELL</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Interactive mode for entering user information. This option will only prompt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"for information not provided in the options or retrieved from the domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"interaktiver Modus zur Eingabe von Benutzerinformationen. Diese Option wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nur nach Informationen fragen, die nicht von den Optionen bereitgestellt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"oder in der Domain geholt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-p</option>,<option>--password-file</option> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>PASSWORTDATEI</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specify file to read user's password from. (if not specified password is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"prompted for)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Datei an, aus der das Passwort des Benutzers gelesen wird (ist es "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nicht angegeben, wird nach dem Passwort gefragt)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The length of the password (or the size of file specified with -p or --"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"on systems with no globally-defined PASS_MAX value)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Länge des Passworts (oder die Größe der mit der Option -p oder --"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"password-file angegebenen Datei) muss kleiner oder gleich PASS_MAX Byte sein "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(64 Byte auf Systemen ohne global definiertem Wert für PASS_MAX)."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "sssd-ifp"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "sssd-ifp"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "SSSD InfoPipe responder"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "SSSD InfoPipe-Responder"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"This manual page describes the configuration of the InfoPipe responder for "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Diese Handbuchseite beschreibt die Konfiguration des InfoPipe-Responders für "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"</citerefentry>. Eine detaillierte Syntaxreferenz finden Sie im Abschnitt "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>DATEIFORMAT</quote> in der Handbuchseite zu <citerefentry> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"citerefentry>."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The InfoPipe responder provides a public D-Bus interface accessible over the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"system bus. The interface allows the user to query information about remote "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"users and groups over the system bus."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Der InfoPipe-Responder stellt eine öffentliche D-Bus-Schnittstelle bereit, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"auf die über den Systembus zugegriffen werden kann. Die Schnittstelle "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ermöglicht die Abfrage von Informationen zu entfernten Benutzern und Gruppen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"über den Systembus."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "These options can be used to configure the InfoPipe responder."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Diese Optionen können zur Konfiguration des InfoPipe-Responders verwendet "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Specifies the comma-separated list of UID values or user names that are "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Gibt eine durch Kommata getrennte Liste der Benutzer-ID-Werte oder "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Benutzernamen an, denen der Zugriff auf den InfoPipe-Responder erlaubt ist. "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Benutzernamen werden beim Start in Benutzer-IDs aufgelöst."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Voreinstellung: 0 (nur der Benutzer »root« darf auf den InfoPipe-Responder "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Please note that although the UID 0 is used as the default it will be "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"overwritten with this option. If you still want to allow the root user to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"access the InfoPipe responder, which would be the typical case, you have to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"add 0 to the list of allowed UIDs as well."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Beachten Sie, dass trotz der Verwendung der Benutzer-ID 0 als Voreinstellung "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"diese durch die Option überschrieben wird. Falls Sie wollen, dass dem Root-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Benutzer der Zugriff auf den InfoPipe-Responder gewährt werden soll, was der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"typische Fall ist, müssen Sie 0 ebenfalls zur Liste der erlaubten Benutzer-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"IDs hinzufügen."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Specifies the comma-separated list of white or blacklisted attributes."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Gibt eine durch Kommata getrennte Liste der auf die weiße (erlaubt) "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"beziehungsweise schwarze Liste (blockiert) gesetzten Attribute an."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "name"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "user's login name"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Anmeldename des Benutzers"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "uidNumber"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "uidNumber"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "user ID"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Benutzer-ID"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "gidNumber"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "gidNumber"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "primary group ID"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "primäre Gruppen-ID"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "gecos"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "gecos"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "user information, typically full name"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Benutzerinformation, typischerweise der vollständige Name"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "homeDirectory"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "homeDirectory"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "loginShell"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "loginShell"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "user shell"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Benutzershell"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"By default, the InfoPipe responder only allows the default set of POSIX "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"attributes to be requested. This set is the same as returned by "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"In der Voreinstellung erlaubt der InfoPipe-Responder nur die Abfrage des "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Standardsatzes an POSIX-Attributen. Dieser Satz ist der gleiche, wie er von "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"manvolnum> </citerefentry> zurückgegeben wird und enthält Folgendes: "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<placeholder type=\"variablelist\" id=\"0\"/>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"user_attributes = +telephoneNumber, -loginShell\n"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"user_attributes = +telephoneNumber, -loginShell\n"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"It is possible to add another attribute to this set by using <quote>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"+attr_name</quote> or explicitly remove an attribute using <quote>-"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"deny <quote>loginShell</quote>, you would use the following configuration: "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Es ist möglich, ein weiteres Attribut zu diesem Satz hinzuzufügen, indem Sie "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>+attr_name</quote> verwenden. Explizit entfernen lässt sich ein "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Attribut mit <quote>-attr_name</quote>. Um beispielsweise "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>telephoneNumber</quote> zu erlauben, aber <quote>loginShell</quote> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"abzuweisen, können Sie folgende Konfiguration verwenden: <placeholder type="
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"\"programlisting\" id=\"0\"/>"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Default: not set. Only the default set of POSIX attributes is allowed."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Voreinstellung: Nicht gesetzt. Nur der Standardsatz an POSIX-Attributen ist "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"Specifies an upper limit on the number of entries that are downloaded during "
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek"a wildcard lookup that overrides caller-supplied limit."
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
261cdde02b40aa8dabb3d69e43586a5a220647e9Jakub Hrozekmsgid "Default: 0 (let the caller set an upper limit)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refentryinfo>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<productname>sss rpc.idmapd plugin</productname> <author> <firstname>Noam</"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#: sss_rpcidmapd.5.xml:26 sss_rpcidmapd.5.xml:32
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "sss_rpcidmapd"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "sss plugin configuration directives for rpc.idmapd"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "CONFIGURATION FILE"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"rpc.idmapd configuration file is usually found at <emphasis>/etc/idmapd."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"conf</emphasis>. See <citerefentry> <refentrytitle>idmapd.conf</"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "SSS CONFIGURATION EXTENSION"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Enable SSS plugin"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"In section <quote>[Translation]</quote>, modify/set <quote>Method</quote> "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"attribute to contain <emphasis>sss</emphasis>."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "[sss] config section"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"In order to change the default of one of the configuration attributes of the "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<emphasis>sss</emphasis> plugin listed below you will need to create a "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"config section for it, named <quote>[sss]</quote>."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Configuration attributes"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "memcache (bool)"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "Indicates whether or not to use memcache optimisation technique."
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "SSSD INTEGRATION"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The attribute <quote>use_fully_qualified_names</quote> must be enabled on "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"[General]\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Verbosity = 2\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"# domain must be synced between NFSv4 server and clients\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"# Solaris/Illumos/AIX use \"localdomain\" as default!\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Domain = default\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"[Mapping]\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Nobody-User = nfsnobody\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Nobody-Group = nfsnobody\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"[Translation]\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"Method = sss\n"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"The following example shows a minimal idmapd.conf which makes use of the sss "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sss_rpcidmapd.5.xml:120 sssd-kcm.8.xml:180 include/seealso.xml:2
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgid "SEE ALSO"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozekmsgstr "SIEHE AUCH"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>idmapd.conf</refentrytitle> "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_ssh_authorizedkeys.1.xml:10 sss_ssh_authorizedkeys.1.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_ssh_authorizedkeys"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_ssh_authorizedkeys"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refmeta><manvolnum>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_ssh_authorizedkeys.1.xml:11 sss_ssh_knownhostsproxy.1.xml:11
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "get OpenSSH authorized keys"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "holt autorisierte OpenSSH-Schlüssel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>options</replaceable> </arg> <arg "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"choice='plain'><replaceable>USER</replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>Optionen</replaceable> </arg> <arg "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"choice='plain'><replaceable>BENUTZER</replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> for more information)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_ssh_authorizedkeys</command> beschafft öffentliche SSH-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Schlüssel für den Anwender <replaceable>BENUTZER</replaceable> und gibt sie "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"im OpenSSH-Format »authorized_keys« aus (weitere Informationen finden Sie im "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abschnitt »AUTHORIZED_KEYS-DATEIFORMAT« von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"command> for public key user authentication if it is compiled with support "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"manvolnum></citerefentry> man page for more details about this option."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek" AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys\n"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek" AuthorizedKeysCommandUser nobody\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If <quote>AuthorizedKeysCommand</quote> is supported, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"citerefentry> can be configured to use it by putting the following "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sucht nach öffentlichen Schlüsseln von Benutzern in der SSSD-Domain "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>DOMAIN</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><title>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: sss_ssh_authorizedkeys.1.xml:84 sss_ssh_knownhostsproxy.1.xml:92
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "EXIT STATUS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "EXIT-STATUS"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: sss_ssh_authorizedkeys.1.xml:86 sss_ssh_knownhostsproxy.1.xml:94
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Im Erfolgsfall ist der Rückgabewert 0, andernfalls wird 1 zurückgegeben."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refname>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: sss_ssh_knownhostsproxy.1.xml:10 sss_ssh_knownhostsproxy.1.xml:15
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "sss_ssh_knownhostsproxy"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "sss_ssh_knownhostsproxy"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refnamediv><refpurpose>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "get OpenSSH host keys"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "holt OpenSSH-Rechnerschlüssel"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>options</replaceable> </arg> <arg "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<replaceable>Optionen</replaceable> </arg> <arg "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"choice='plain'><replaceable>RECHNER</replaceable></arg> <arg "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"choice='opt'><replaceable>PROXY_BEFEHL</replaceable></arg>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum></citerefentry> for more information) <filename>/var/lib/sss/"
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"pubconf/known_hosts</filename> and establishes the connection to the host."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"create the connection to the host instead of opening a socket."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls ein <replaceable>PROXY_BEFEHL</replaceable> angegeben wurde, wird er "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zum Erstellen der Verbindung mit dem Rechner benutzt, anstatt ein Socket zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"command> for host key authentication by using the following directives for "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> kann durch Verwendung der folgenden Richtlinien für die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfiguration von <citerefentry><refentrytitle>ssh</refentrytitle> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<manvolnum>1</manvolnum></citerefentry> so eingerichtet werden, dass es "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_ssh_knownhostsproxy</command> zur Authentifizierung des "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Rechnerschlüssels benutzt: <placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Use port <replaceable>PORT</replaceable> to connect to the host. By "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"default, port 22 is used."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzt Port <replaceable>PORT</replaceable> zur Verbindung mit dem Rechner. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Standardmäßig wird Port 22 verwendet."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sucht in der SSSD-Domain nach <replaceable>DOMAIN</replaceable> öffentlichen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Schlüsseln für den Rechner."
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozekmsgid "idmap_sss"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "SSSD's idmap_sss Backend for Winbind"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek"The idmap_sss module provides a way to call SSSD to map UIDs/GIDs and SIDs. "
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek"No database is required in this case as the mapping is done by SSSD."
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozekmsgid "IDMAP OPTIONS"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozekmsgid "range = low - high"
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Defines the available matching UID and GID range for which the backend is "
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek"authoritative."
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek"This example shows how to configure idmap_sss as the default mapping module."
a86d6cd05e3f823214587475b83d907f394c035eJakub Hrozek#. type: Content of: <reference><refentry><refsect1><programlisting>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"security = domain\n"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"workgroup = MAIN\n"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"idmap config * : backend = sss\n"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"idmap config * : range = 200000-2147483647\n"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "sssctl"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozekmsgid "SSSD control and status utility"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"<command>sssctl</command> provides a simple and unified way to obtain "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"information about SSSD status, such as active server, auto-discovered "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"servers, domains and cached objects. In addition, it can manage SSSD data "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"files for troubleshooting in such a way that is safe to manipulate while "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"SSSD is running."
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"To list all available commands run <command>sssctl</command> without any "
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek"parameters. To print help for selected command run <command>sssctl COMMAND --"
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek"help</command>."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "sssd-files"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozekmsgid "SSSD files provider"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"This manual page describes the files provider for <citerefentry> "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"The files provider mirrors the content of the <citerefentry> "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"provider is to make the users and groups traditionally only accessible with "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"NSS interfaces also available through the SSSD interfaces such as "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"manvolnum> </citerefentry>."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"The files provider has no specific options of its own, however, generic SSSD "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"domain options can be set where applicable. Refer to the section "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"for details on the configuration of an SSSD domain."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"The following example assumes that SSSD is correctly configured and files is "
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"one of the domains in the <replaceable>[sssd]</replaceable> section."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"id_provider = files\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "sssd-secrets"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "SSSD Secrets responder"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This manual page describes the configuration of the Secrets responder for "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd.conf</"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Many system and user applications need to store private information such as "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"passwords or service keys and have no good way to properly deal with them. "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The simple approach is to embed these <quote>secrets</quote> into "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configuration files potentially ending up exposing sensitive key material to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"backups, config management system and in general making it harder to secure "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The <ulink url=\"https://github.com/latchset/custodia\">custodia</ulink> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"project was born to deal with this problem in cloud like environments, but "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"we found the idea compelling even at a single system level. As a security "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"service, SSSD is ideal to host this capability while offering the same API "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek"via a UNIX Socket. This will make it possible to use local calls and have "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"them transparently routed to a local or a remote key management store like "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"IPA Vault for storage, escrow and recovery."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The secrets are simple key-value pairs. Each user's secrets are namespaced "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"using their user ID, which means the secrets will never collide between "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"users. Secrets can be stored inside <quote>containers</quote> which can be "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "secrets"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "secrets for general usage"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "permissions on a newly created home directory."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> service."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"wird von <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry> benutzt, um die "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Standardzugriffsrechte für ein neu erstelltes Home-Verzeichnis anzugeben."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Since the secrets responder can be used both externally to store general "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"secrets, as described in the rest of this man page, but also internally by "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"other SSSD components to store their secret material, some configuration "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"options, like quotas can be configured per <quote>hive</quote> in a "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"configuration subsection named after the hive. The currently supported hives "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"are: <placeholder type=\"variablelist\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "USING THE SECRETS RESPONDER"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The UNIX socket the SSSD responder listens on is located at <filename>/var/"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl start sssd-secrets.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl enable sssd-secrets.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl enable sssd-secrets.service\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The secrets responder is socket-activated by <citerefentry> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"citerefentry>. Unlike other SSSD responders, it cannot be started by adding "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"the <quote>secrets</quote> string to the <quote>service</quote> directive. "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The systemd socket unit is called <quote>sssd-secrets.socket</quote> and the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"corresponding service file is called <quote>sssd-secrets.service</quote>. In "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"order for the service to be socket-activated, make sure the socket is "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"enabled and active and the service is enabled: <placeholder type="
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"\"programlisting\" id=\"0\"/> Please note your distribution may already "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configure the units for you."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The generic SSSD responder options such as <quote>debug_level</quote> or "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<quote>fd_limit</quote> are accepted by the secrets responder. Please refer "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"to the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"manvolnum> </citerefentry> manual page for a complete list. In addition, "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"there are some secrets-specific options as well."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The secrets responder is configured with a global <quote>[secrets]</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"section and an optional per-user <quote>[secrets/users/$uid]</quote> section "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"in <filename>sssd.conf</filename>. Please note that some options, notably as "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the provider type, can only be specified in the per-user subsections."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "provider (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "local"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The secrets are stored in a local database, encrypted at rest with a master "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"key. The local provider does not have any additional config options at the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "proxy"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The secrets responder forwards the requests to a Custodia server. The proxy "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"provider supports several additional options (see below)."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This option specifies where should the secrets be stored. The secrets "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"responder can configure a per-user subsections (e.g. <quote>[secrets/"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"users/123]</quote> - see bottom of this manual page for a full example using "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Custodia for a particular user) that define which provider store the secrets "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"for this particular user. The per-user subsections should contain all "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"options for that user's provider. Please note that currently the global "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"provider is always local, the proxy provider can only be specified in a per-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"user section. The following providers are supported: <placeholder type="
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"\"variablelist\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: local"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The following options affect only the secrets <quote>hive</quote> and "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"therefore should be set in a per-hive subsection. Setting the option to 0 "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"means \"unlimited\"."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "containers_nest_level (integer)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "This option specifies the maximum allowed number of nested containers."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Default: 4"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "max_secrets (integer)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This option specifies the maximum number of secrets that can be stored in "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: 1024 (secrets hive), 256 (kcm hive)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "pam_id_timeout (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "max_uid_secrets (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "pam_id_timeout (Ganzzahl)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This option specifies the maximum number of secrets that can be stored per-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"UID in the hive."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: 256 (secrets hive), 64 (kcm hive)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "max_payload_size (integer)"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"This option specifies the maximum payload size allowed for a secret payload "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"in kilobytes."
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"max_payload_size = 128\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"max_payload_size = 256\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"For example, to adjust quotas differently for both the <quote>secrets</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"quote> and the <quote>kcm</quote> hives, configure the following: "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The following options are only applicable for configurations that use the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<quote>proxy</quote> provider."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "proxy_url (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The URL the Custodia server is listening on. At the moment, http and https "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"protocols are supported."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "http[s]://<host>[:port]"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "auth_type (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The method to use when authenticating to a Custodia server. The following "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"authentication methods are supported:"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "basic_auth"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Authenticate with a username and a password as set in the <quote>username</"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"quote> and <quote>password</quote> options."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "header"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Authenticate with HTTP header value as defined in the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configuration options."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "auth_header_name (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"If set, the secrets responder would put a header with this name into the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"HTTP request with the value defined in the <quote>auth_header_value</quote> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configuration option."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Example: MYSECRETNAME"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "auth_header_value (string)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The value sssd-secrets would use for the <quote>auth_header_name</quote>."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Example: mysecret"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "forward_headers (list of strings)"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The list of HTTP headers to forward to the Custodia server together with the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "verify_peer (boolean)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Whether peer's certificate should be verified and valid if HTTPS protocol is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"used with the proxy provider."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "verify_host (boolean)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Whether peer's hostname must match with hostname in its certificate if HTTPS "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"protocol is used with the proxy provider."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "capath (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Path to directory containing stored certificate authority certificates. "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"System default path is used if this option is not set."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "cacert (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Path to file containing server's certificate authority certificate. If this "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"option is not set then the CA's certificate is looked up in <quote>capath</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "cert (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Path to file containing client's certificate if required by the server. This "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"file may also contain private key or the private key may be in separate file "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"set with <quote>key</quote>."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "key (string)"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "Path to file containing client's private key."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "USING THE REST API"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This section lists the available commands and includes examples using the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"</citerefentry> utility. All requests towards the proxy provider must set "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"the Content Type header to <quote>application/json</quote>. In addition, the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"local provider also supports Content Type set to <quote>application/octet-"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"stream</quote>. Secrets stored with requests that set the Content Type "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"header to <quote>application/octet-stream</quote> are base64-encoded when "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"stored and decoded when retrieved, so it's not possible to store a secret "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"with one Content Type and retrieve with another. The secret URI must begin "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"with <filename>/secrets/</filename>."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Listing secrets"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To list the available secrets, send a HTTP GET request with a trailing slash "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"appended to the container path."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Retrieving a secret"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To read a value of a single secret, send a HTTP GET request without a "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"trailing slash. The last portion of the URI is the name of the secret."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/octet-stream\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"\"programlisting\" id=\"1\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Setting a secret"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To set a secret using the <quote>application/json</quote> type, send a HTTP "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"PUT request with a JSON payload that includes type and value. The type "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"should be set to \"simple\" and the value should be set to the secret value. "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"If a secret with that name already exists, the response is a 409 HTTP error."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The <quote>application/json</quote> type just sends the secret as the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"message payload."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/octet-stream\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" -d'barsecret'\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The following example sets a secret named 'foo' to a value of 'foosecret' "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"and a secret named 'bar' to a value of 'barsecret' using a different Content "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Type. <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"\"programlisting\" id=\"1\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Creating a container"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Containers provide an additional namespace for this user's secrets. To "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"create a container, send a HTTP POST request, whose URI ends with the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"container name. Please note the URI must end with a trailing slash."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" -XPOST http://localhost/secrets/mycontainer/\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The following example creates a container named 'mycontainer': <placeholder "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"type=\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"http://localhost/secrets/mycontainer/mysecret\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To manipulate secrets under this container, just nest the secrets underneath "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "Deleting a secret or a container"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"To delete a secret or a container, send a HTTP DELETE request with a path to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"the secret or the container."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"curl -H \"Content-Type: application/json\" \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek" --unix-socket /var/run/secrets.socket \\\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"The following example deletes a secret named 'foo'. <placeholder type="
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozekmsgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"For testing the proxy provider, you need to set up a Custodia server to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"proxy requests to. Please always consult the Custodia documentation, the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"configuration directives might change with different Custodia versions."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"server_version = \"Secret/0.0.7\"\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"debug = True\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"[store:simple]\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"table = secrets\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"[auth:header]\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"handler = custodia.httpd.authenticators.SimpleHeaderAuth\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"header = MYSECRETNAME\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"value = mysecretkey\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"[authz:paths]\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"handler = custodia.httpd.authorizers.SimplePathAuthz\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"paths = /secrets\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"store = simple\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"This configuration will set up a Custodia server listening on http://"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"localhost:8080, allowing anyone with header named MYSECRETNAME set to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"mysecretkey to communicate with the Custodia server. Place the contents "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"into a file (for example, <replaceable>custodia.conf</replaceable>): "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/>"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Then run the <replaceable>custodia</replaceable> command, pointing it at the "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"config file as a command line argument."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"Please note that currently it's not possible to proxy all requests globally "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"to a Custodia instance. Instead, per-user subsections for user IDs that "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"should proxy requests to Custodia must be defined. The following example "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"illustrates a configuration, where the user with UID 123 would proxy their "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"requests to Custodia, but all other user's requests would be handled by a "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"local provider."
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><programlisting>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"[secrets]\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"provider = proxy\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"auth_type = header\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"auth_header_name = MYSECRETNAME\n"
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"auth_header_value = mysecretkey\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "sssd-session-recording"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "Configuring sudo to cooperate with SSSD"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Configuring session recording with SSSD"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "Sudo so konfigurieren, dass es mit SSSD zusammenarbeitet"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "This manual page describes the configuration of the simple access-control "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "manvolnum> </citerefentry> manual page."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This manual page describes how to configure <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"implement user session recording on text terminals. For a detailed "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry> manual page."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Diese Handbuchseite beschreibt die Konfiguration des einfachen "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Zugriffssteuerungsanbieters für <citerefentry> <refentrytitle>sssd</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. Eine ausführliche "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Syntax-Referenz finden Sie im Abschnitt »DATEIFORMAT« der Handbuchseite "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"SSSD can be set up to enable recording of everything specific users see or "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"type during their sessions on text terminals. E.g. when users log in on the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"tlog-rec-session is started upon user login, so it can record according to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"its configuration."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"For users with session recording enabled, SSSD replaces the user shell with "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"tlog-rec-session in NSS responses, and adds a variable specifying the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"original shell to the user environment, upon PAM session setup. This way "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"tlog-rec-session can be started in place of the user shell, and know which "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"actual shell to start, once it set up the recording."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "These options can be used to configure the PAC responder."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "These options can be used to configure the session recording."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Diese Optionen können zur Konfiguration des PAC-Responders verwendet werden."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The following snippet of sssd.conf enables session recording for users "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"\"contractor1\" and \"contractor2\", and group \"students\"."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"[session_recording]\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"scope = some\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"users = contractor1, contractor2\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"groups = students\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "sssd-kcm"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "SSSD Kerberos Cache Manager"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This manual page describes the configuration of the SSSD Kerberos Cache "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"credential caches. It originates in the Heimdal Kerberos project, although "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the MIT Kerberos library also provides client side (more details on that "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"below) support for the KCM credential cache."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"In a setup where Kerberos caches are managed by KCM, the Kerberos library "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"(typically used through an application, like e.g., <citerefentry> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"being referred to as a <quote>\"KCM server\"</quote>. The client and server "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"communicate over a UNIX socket."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"The KCM server keeps track of each credential caches's owner and performs "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"access check control based on the UID and GID of the KCM client. The root "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"user has access to all credential caches."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "The KCM credential cache has several interesting properties:"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"since the process runs in userspace, it is subject to UID namespacing, "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"unlike the kernel keyring"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"unlike the kernel keyring-based cache, which is shared between all "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"containers, the KCM server is a separate process whose entry point is a UNIX "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"citerefentry> secrets store, allowing the ccaches to survive KCM server "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"restarts or machine reboots."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"This allows the system to use a collection-aware credential cache, yet share "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the credential cache between some or no containers by bind-mounting the "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozekmsgid "USING THE KCM CREDENTIAL CACHE"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"[libdefaults]\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek" default_ccache_name = KCM:\n"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"In order to use KCM credential cache, it must be selected as the default "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"credential type in <citerefentry> <refentrytitle>krb5.conf</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"cache name must be only <quote>KCM:</quote> without any template "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"Next, make sure the Kerberos client libraries and the KCM server must agree "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"on the UNIX socket path. By default, both use the same path <replaceable>/"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"var/run/.heim_org.h5l.kcm-socket</replaceable>. To configure the Kerberos "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"library, change its <quote>kcm_socket</quote> option which is described in "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"the <citerefentry> <refentrytitle>krb5.conf</refentrytitle><manvolnum>5</"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"manvolnum> </citerefentry> manual page."
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl start sssd-kcm.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl enable sssd-kcm.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Finally, make sure the SSSD KCM server can be contacted. The KCM service is "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"typically socket-activated by <citerefentry> <refentrytitle>systemd</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"services, it cannot be started by adding the <quote>kcm</quote> string to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the <quote>service</quote> directive. <placeholder type=\"programlisting\" "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"id=\"0\"/> Please note your distribution may already configure the units for "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "THE CREDENTIAL CACHE STORAGE"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl start sssd-secrets.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"systemctl enable sssd-secrets.socket\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The credential caches are stored in the SSSD secrets service (see "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry> for more details). Therefore it is important that "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"also the sssd-secrets service is enabled and its socket is started: "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<placeholder type=\"programlisting\" id=\"0\"/> Your distribution should "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"already set the dependencies between the services."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The KCM service is configured in the <quote>kcm</quote> section of the sssd."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"conf file. Please note that currently, is it not sufficient to restart the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"sssd-kcm service, because the sssd configuration is only parsed and read to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"an internal configuration database by the sssd service. Therefore you must "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"restart the sssd service if you change anything in the <quote>kcm</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"section of sssd.conf. For a detailed syntax reference, refer to the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The generic SSSD service options such as <quote>debug_level</quote> or "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry> manual page for a complete list. In addition, "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"there are some KCM-specific options as well."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "socket_path (string)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "The socket the KCM service will listen on."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Default: <replaceable>/var/run/.heim_org.h5l.kcm-socket</replaceable>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refname>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:10 sssd-systemtap.5.xml:16
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "sssd-simple"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "sssd-systemtap"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "sssd-simple"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refnamediv><refpurpose>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "SSSD systemtap information"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "The detailed instructions for configuration of sudo_provider are in the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<manvolnum>5</manvolnum> </citerefentry>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This manual page provides information about the systemtap functionality in "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"</citerefentry>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Detaillierte Anweisungen zur Konfiguration von sudo_provider finden Sie in "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"der Handbuchseite zu <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<manvolnum>5</manvolnum> </citerefentry>."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"SystemTap Probe points have been added into various locations in SSSD code "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"to assist in troubleshooting and analyzing performance related issues."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Sample SystemTap scripts are provided in /usr/share/sssd/systemtap/"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Probes and miscellaneous functions are defined in /usr/share/systemtap/"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"tapset/sssd.stp and /usr/share/systemtap/tapset/sssd_functions.stp "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"respectively."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "PROBE POINTS"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:59 sssd-systemtap.5.xml:341
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"The information below lists the probe points and arguments available in the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"following format:"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "realm name"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe $name"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "Realm-Name"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Description of probe point"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"variable1:datatype\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"variable2:datatype\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"variable3:datatype\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Database Transaction Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sssd_transaction_start"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:91 sssd-systemtap.5.xml:105 sssd-systemtap.5.xml:118
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"nesting:integer\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"probestr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sssd_transaction_cancel"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sssd_transaction_commit_before"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sysdb_transaction_commit_before() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sssd_transaction_commit_after"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sysdb_transaction_commit_after() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "LDAP Search Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_get_generic_ext_send() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:152 sssd-systemtap.5.xml:167 sssd-systemtap.5.xml:196
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"base:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"scope:integer\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"probestr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_recv"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_get_generic_ext_recv() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_deref_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_deref_search_send() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"base_dn:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"deref_attr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"probestr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_deref_recv"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_deref_search_recv() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "LDAP Account Request Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_acct_req_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_acct_req_send() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:219 sssd-systemtap.5.xml:234
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"entry_type:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter_type:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter_value:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"extra_value:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_acct_req_recv"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_acct_req_recv() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "LDAP User Search Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_user_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_search_user_send() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#: sssd-systemtap.5.xml:257 sssd-systemtap.5.xml:269 sssd-systemtap.5.xml:281
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#, fuzzy, no-wrap
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "fallback_homedir = /home/%u\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"fallback_homedir = /home/%u\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_user_recv"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_search_user_recv() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_user_save_begin"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_search_user_save_begin() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe sdap_search_user_save_end"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Probes the sdap_search_user_save_end() function."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Data Provider Request Probes"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe dp_req_send"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "A Data Provider request is submitted."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_domain:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_name:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_target:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_method:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "probe dp_req_done"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "A Data Provider request is completed."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_name:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_target:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_req_method:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_ret:int\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"dp_errorstr:string\n"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "MISCELLANEOUS FUNCTIONS"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "function acct_req_desc(entry_type)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Convert entry_type to string and return string"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"filter_value, extra_value)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Create probe string based on filter type"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "function dp_target_str(target)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Convert target to string and return string"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "function dp_method_str(target)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Convert method to string and return string"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "SERVICE DISCOVERY"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "DIENSTSUCHE"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The service discovery feature allows back ends to automatically find the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"appropriate servers to connect to using a special DNS query. This feature is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"not supported for backup servers."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Dienstsuchfunktionalität ermöglicht es Backends, automatisch mit Hilfe "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einer speziellen DNS-Abfrage geeignete Server zu suchen, mit denen sie sich "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"verbinden können. Diese Funktionalität wird nicht für Datensicherungs-Server "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unterstützt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#: include/service_discovery.xml:9 include/ldap_id_mapping.xml:99
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Configuration"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Konfiguration"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If no servers are specified, the back end automatically uses service "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"discovery to try to find a server. Optionally, the user may choose to use "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"both fixed server addresses and service discovery by inserting a special "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"preference is maintained. This feature is useful if, for example, the user "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"prefers to use service discovery whenever possible, and fall back to a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"specific server when no servers can be discovered using DNS."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls keine Server angegeben wurden, benutzt das Backend die Dienstsuche, um "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einen Server zu finden. Wahlweise kann der Benutzer sowohl feste Server-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Adressen als auch die Dienstsuche durch Eingabe des speziellen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Schlüsselworts »_srv_« in der Server-Liste auswählen. Die bevorzugte "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Reihenfolge wird verwaltet. Diese Funktionalität ist zum Beispiel nützlich, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"falls der Anwender es vorzieht, die Dienstsuche zu verwenden, wann immer "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dies möglich ist, und auf einen bestimmten Server zurückzugreifen, wenn "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"mittels DNS keine Server gefunden werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The domain name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Der Domain-Name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry> manual page for more details."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Einzelheiten finden Sie in der Handbuchseite <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry> beim Parameter »dns_discovery_domain«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The protocol"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Das Protokoll"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The queries usually specify _tcp as the protocol. Exceptions are documented "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in respective option description."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Abfragen geben als Protokoll üblicherweise »_tcp« an. Ausnahmen sind in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der Beschreibung der entsprechenden Option dokumentiert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "See Also"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Siehe auch"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For more information on the service discovery mechanism, refer to RFC 2782."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Informationen über den Dienstsuchmechanismus finden Sie in RFC 2782."
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek#. type: Content of: <refentryinfo>
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<productname>SSSD</productname> <orgname>The SSSD upstream - https://pagure."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: outside any tag (error?)
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "FAILOVER"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "AUSFALLSICHERUNG"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The failover feature allows back ends to automatically switch to a different "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"server if the current server fails."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Ausfallsicherungsfunktionalität ermöglicht es, dass Backends automatisch "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"auf einen anderen Server wechseln, falls der aktuelle versagt."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Failover Syntax"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "AUSFALLSICHERUNGSSYNTAX"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The list of servers is given as a comma-separated list; any number of spaces "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"is allowed around the comma. The servers are listed in order of preference. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The list can contain any number of servers."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die Server werden als durch Kommata getrennte Liste angegeben. Um das Komma "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"herum ist eine beliebige Anzahl von Leerzeichen erlaubt. Die Server werden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"in Reihenfolge der Bevorzugung aufgeführt. Die Liste kann eine beliebige "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Anzahl von Servern enthalten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For each failover-enabled config option, two variants exist: "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"that servers in the primary list are preferred and backup servers are only "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"searched if no primary servers can be reached. If a backup server is "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"periodically try to reconnect to one of the primary servers. If it succeeds, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"it will replace the current active (backup) server."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Von jeder Konfigurationsoption mit aktivierter Ausfallsicherung existieren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zwei Varianten: <emphasis>primary</emphasis> und <emphasis>backup</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"emphasis>. Die Idee dahinter ist, dass Server in der Liste »primary« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"bevorzugt werden und nur nach »backup«-Servern gesucht wird, falls kein "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»primary«-Server erreichbar ist. Falls ein »backup«-Server ausgewählt wird, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wird eine Dauer von 31 Sekunden bis zur Zeitüberschreitung festgelegt. Nach "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dieser Zeit wird SSSD periodisch versuchen, sich mit einem der primären "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Server zu verbinden. Ist dies erfolgreich, wird es den derzeit aktiven "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(»backup«-)Server ersetzen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The Failover Mechanism"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Der Ausfallsicherungsmechanismus"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The failover mechanism distinguishes between a machine and a service. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"back end first tries to resolve the hostname of a given machine; if this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"resolution attempt fails, the machine is considered offline. No further "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"attempts are made to connect to this machine for any other service. If the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"resolution attempt succeeds, the back end tries to connect to a service on "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"this machine. If the service connection attempt fails, then only this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"particular service is considered offline and the back end automatically "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"switches over to the next service. The machine is still considered online "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"and might still be tried for another service."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der Ausfallsicherungsmechanismus unterscheidet zwischen einer Maschine und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einem Dienst. Das Backend versucht zuerst, den Rechnernamen der angegebenen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Maschine aufzulösen. Falls dieser Versuch scheitert, wird davon ausgegangen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dass die Maschine offline ist und sie auch für keinen anderen Dienst zur "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verfügung steht. Kann der den Namen erfolgreich aufgelöst werden, versucht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"das Backend, sich mit einem Dienst auf dieser Maschine zu verbinden. Ist das "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nicht möglich, dann wird nur dieser bestimmte Dienst als offline angesehen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und das Backend wechselt automatisch weiter zum nächsten. Die Maschine wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"weiterhin als online betrachtet und kann immer noch für andere Dienste "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"herangezogen werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Further connection attempts are made to machines or services marked as "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"offline after a specified period of time; this is currently hard coded to 30 "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Weitere Verbindungsversuche zu Maschinen oder Diensten, die als offline "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gekennzeichnet sind, werden erst nach einer angegebenen Zeitspanne "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unternommen. Diese ist derzeit hart auf 30 Sekunden codiert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"If there are no more machines to try, the back end as a whole switches to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"offline mode, and then attempts to reconnect every 30 seconds."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Falls es weitere Maschinen durchzuprobieren gibt, wechselt das Backend als "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Ganzes in den Offline-Modus und versucht dann alle 30 Sekunden, sich erneut "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zu verbinden."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "Failover time outs and tuning"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Resolving a server to connect to can be as simple as running a single DNS "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"query or can involve several steps, such as finding the correct site or "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"trying out multiple host names in case some of the configured servers are "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"not reachable. The more complex scenarios can take some time and SSSD needs "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"to balance between providing enough time to finish the resolution process "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"but on the other hand, not trying for too long before falling back to "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"offline mode. If the SSSD debug logs show that the server resolution is "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"timing out before a live server is contacted, you can consider changing the "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "dns_resolver_timeout (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "dns_resolver_op_timeout"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "dns_resolver_timeout (Ganzzahl)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "How long would SSSD talk to a single DNS server."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| msgid "dns_resolver_timeout (integer)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgid "dns_resolver_timeout"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozekmsgstr "dns_resolver_timeout (Ganzzahl)"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"How long would SSSD try to resolve a failover service. This service "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"resolution internally might include several steps, such as resolving DNS SRV "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"queries or locating the site."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "All of the common configuration options that apply to SSSD domains also "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "section of the <citerefentry> <refentrytitle>sssd.conf</refentrytitle> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#| "<placeholder type=\"variablelist\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"This section lists the available tunables. Please refer to their description "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"in the <citerefentry> <refentrytitle>sssd.conf</refentrytitle><manvolnum>5</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"Alle häufigen Konfigurationsoptionen, die für SSSD-Domains gelten, gelten "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"auch für LDAP-Domains. Umfassende Einzelheiten finden Sie im Abschnitt "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"»DOMAIN-ABSCHNITTE« der Handbuchseite <citerefentry> <refentrytitle>sssd."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>. <placeholder "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"type=\"variablelist\" id=\"0\"/>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#. type: Content of: <refsect1><refsect2><para>
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"For LDAP-based providers, the resolve operation is performed as part of an "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"quote> timeout should be set to a larger value than "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"value than <quote>dns_resolver_op_timeout</quote>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ID MAPPING"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ID-ABBILDUNG"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The ID-mapping feature allows SSSD to act as a client of Active Directory "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"without requiring administrators to extend user attributes to support POSIX "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"attributes for user and group identifiers."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die ID-Abbildungsfunktionalität ermöglicht es SSSD, als Client eines Active "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Directorys zu agieren, ohne dass Administratoren Benutzerattribute erweitern "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"müssen, damit POSIX-Attribute für Benutzer- und Gruppenkennzeichner "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"unterstützt werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ignored. This is to avoid the possibility of conflicts between automatically-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"assigned and manually-assigned values. If you need to use manually-assigned "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"values, ALL values must be manually-assigned."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Wenn ID-Abbildung aktiviert ist, werden die Attribute »uidNumber« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und »gidNumber« ignoriert. Dies geschieht, um mögliche Konflikte zwischen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"automatisch und manuell zugewiesenen Werten zu vermeiden. Falls Sie manuell "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"zugewiesene Werte benutzen müssen, müssen Sie ALLE Werte manuell zuweisen."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Please note that changing the ID mapping related configuration options will "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"cause user and group IDs to change. At the moment, SSSD does not support "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"changing IDs, so the SSSD database must be removed. Because cached passwords "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"are also stored in the database, removing the database should only be "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"performed while the authentication servers are reachable, otherwise users "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"might get locked out. In order to cache the password, an authentication must "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"be performed. It is not sufficient to use <citerefentry> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"citerefentry> to remove the database, rather the process consists of:"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Bitte beachten Sie, dass die Änderung der die ID-Abbildung betreffenden "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Konfigurationsoptionen auch die Änderung der Benutzer- und Gruppen-IDs nach "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"sich zieht. Momentan unterstützt SSSD die Änderung der IDs nicht, daher muss "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"die Datenbank entfernt werden. Da auch zwischengespeicherte Passwörter in "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"der Datenbank enthalten sind, sollte diese nur entfernt werden, während die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Authentifizierungsserver erreichbar sind, anderenfalls könnten Benutzer "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"ausgesperrt werden. Um das Passwort zwischenzuspeichern, muss eine "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Authentifizierung ausgeführt werden. Es reicht nicht aus, <citerefentry> "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"citerefentry> zum Löschen der Datenbank auszuführen, vielmehr sind folgende "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Schritte erforderlich:"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Making sure the remote servers are reachable"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Stellen Sie sicher, dass entfernte Server erreichbar sind."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Stopping the SSSD service"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Stoppen Sie den SSSD-Dienst."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Removing the database"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Entfernen Sie die Datenbank."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Starting the SSSD service"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Starten Sie den SSSD-Dienst."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Moreover, as the change of IDs might necessitate the adjustment of other "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"system properties such as file and directory ownership, it's advisable to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"plan ahead and test the ID mapping configuration thoroughly."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Außerdem ist es ratsam, vorauszuplanen und die ID-Abbildung gründlich zu "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"testen, da die Änderung der IDs Änderungen anderer Systemeigenschaften nach "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"sich ziehen könnte, wie die Besitzverhältnisse von Dateien und "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Verzeichnissen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Mapping Algorithm"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Abbildungsalgorithmus"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active Directory provides an objectSID for every user and group object in "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"the directory. This objectSID can be broken up into components that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"represent the Active Directory domain identity and the relative identifier "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"(RID) of the user or group object."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active Directory stellt für jedes Benutzer- und Gruppenobjekt im Verzeichnis "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"eine »objectSID« bereit. Diese »objectSID« kann in Bestandteile zerlegt "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden, die die Active-Directory-Domain-Identität und den relativen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bezeichner (RID) des Benutzer- oder Gruppenobjekts darstellen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"into equally-sized component sections - called \"slices\"-. Each slice "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"represents the space available to an Active Directory domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Der ID-Abbildungsalgorithmus von SSSD nimmt einen Bereich verfügbarer UIDs "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und teilt sie in gleich große Bestandteile, »Slices« genannt. Jeder Slice "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"steht für den verfügbaren Speicher einer Active-Directory-Domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When a user or group entry for a particular domain is encountered for the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"first time, the SSSD allocates one of the available slices for that domain. "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In order to make this slice-assignment repeatable on different client "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"machines, we select the slice based on the following algorithm:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn ein Benutzer- oder Gruppeneintrag für eine bestimmt Domain zum ersten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Mal vorgefunden wird, reserviert der SSSD einen der verfügbaren Slices für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"diese Domain. Um eine Slice-Zuteilung auf verschiedenen Client-Maschinen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"wiederholbar zu machen, wählen wir den Slice, der auf dem folgenden "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Algorithmus basiert:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The SID string is passed through the murmurhash3 algorithm to convert it to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"a 32-bit hashed value. We then take the modulus of this value with the total "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"number of available slices to pick the slice."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Die Zeichenkette durchläuft den Algorithmus Murmurhash3, um sie in einen 32-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bit-Hash-Wert umzuwandeln. Dann wird der Betrag dieses Werts mit der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Gesamtzahl verfügbarer Slices genommen, um den Slice auszusuchen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: It is possible to encounter collisions in the hash and subsequent "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"modulus. In these situations, we will select the next available slice, but "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"it may not be possible to reproduce the same exact set of slices on other "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"machines (since the order that they are encountered will determine their "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"slice). In this situation, it is recommended to either switch to using "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"configure a default domain to guarantee that at least one is always "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"consistent. See <quote>Configuration</quote> for details."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Es ist möglich, dass Kollisionen zwischen dem Hash und "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nachfolgenden Beträgen auftreten. In diesen Situationen werden wir den "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"nächsten verfügbaren Slice auswählen, aber es ist wahrscheinlich nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"möglich, den genau gleichen Satz von Slices auf anderen Maschinen zu "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"reproduzieren (da die Reihenfolge, in der sie vorgefunden werden, ihren "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Slice bestimmt). In dieser Situtation wird empfohlen, entweder auf die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Verwendung expliziter POSIX-Attribute in Active Directory zu wechseln (ID-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Abbildung deaktivieren) oder eine Standard-Domain zu konfigurieren, um "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"sicherzustellen, dass wenigstens eine immer beständig ist. Einzelheiten "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"finden Sie unter »Konfiguration«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Minimum configuration (in the <quote>[domain/DOMAINNAME]</quote> section):"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Minimalkonfiguration (im Abschnitt »[domain/DOMAINNAME]«):"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_id_mapping = True\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_schema = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_id_mapping = True\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ldap_schema = ad\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The default configuration results in configuring 10,000 slices, each capable "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"of holding up to 200,000 IDs, starting from 200,000 and going up to "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"2,000,200,000. This should be sufficient for most deployments."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Advanced Configuration"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Fortgeschrittene Konfiguration"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_idmap_range_min (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_idmap_range_min (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the lower bound of the range of POSIX IDs to use for mapping "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active Directory user and group SIDs."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Untergrenze des Bereichs von POSIX-IDs an, der zum Abbilden von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active-Directory-Benutzern und Gruppen-SIDs benutzt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: This option is different from <quote>min_id</quote> in that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>min_id</quote> acts to filter the output of requests to this domain, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"whereas this option controls the range of ID assignment. This is a subtle "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"distinction, but the good general advice would be to have <quote>min_id</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Diese Option unterscheidet sich von »min_id«, wobei »min_id« als "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Filter für die Ausgabe von Anfragen an diese Domain agiert, wohingegen diese "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Option den Bereich der ID-Zuweisung steuert. Dies ist ein feiner "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Unterschied, aber es wäre ein allgemein guter Ratschlag, dass »min_id« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"kleiner oder gleich »ldap_idmap_range_min« sein sollte."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#: include/ldap_id_mapping.xml:137 include/ldap_id_mapping.xml:191
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 200000"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 200000"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_idmap_range_max (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_idmap_range_max (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the upper bound of the range of POSIX IDs to use for mapping "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active Directory user and group SIDs."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Obergrenze des Bereichs von POSIX-IDs an, der zum Abbilden von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Active-Directory-Benutzern und Gruppen-SIDs benutzt wird."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: This option is different from <quote>max_id</quote> in that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>max_id</quote> acts to filter the output of requests to this domain, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"whereas this option controls the range of ID assignment. This is a subtle "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"distinction, but the good general advice would be to have <quote>max_id</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Diese Option unterscheidet sich von »max_id« wobei »max_id« als "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Filter für die Ausgabe von Anfragen an diese Domain agiert, wohingegen diese "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Option den Bereich der ID-Zuweisung steuert. Dies ist ein feiner "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Unterschied, aber es wäre ein allgemein guter Ratschlag, dass »max_id« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"größer oder gleich »ldap_idmap_range_max« sein sollte."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: 2000200000"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Voreinstellung: 2000200000"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_idmap_range_size (integer)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_idmap_range_size (Ganzzahl)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specifies the number of IDs available for each slice. If the range size "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"does not divide evenly into the min and max values, it will create as many "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"complete slices as it can."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Anzahl der für jeden Slice verfügbaren IDs an. Falls sich die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bereichsgröße nicht gleichmäßig in die minimalen und maximalen Werte teilen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"lässt, werden so viele komplette Slices wie möglich erstellt."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"NOTE: The value of this option must be at least as large as the highest user "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"RID planned for use on the Active Directory server. User lookups and login "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"will fail for any user whose RID is greater than this value."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"HINWEIS: Der Wert dieser Option muss mindestens so groß sein wie die größte "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Benutzer-RID, die jemals auf dem Active-Directory-Server verwendet werden "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"soll. Das Nachschlagen und Anmelden von Benutzern wird scheitern, wenn deren "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"RIDs größer sind als dieser Wert."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"For example, if your most recently-added Active Directory user has "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"equal to maximal SID minus minimal SID plus one (e.g. 1108 = 1107 - 0 + 1)."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"It is important to plan ahead for future expansion, as changing this value "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"will result in changing all of the ID mappings on the system, leading to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"users with different local IDs than they previously had."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Es ist wichtig, für spätere Erweiterungen vorauszuplanen, da die Änderung "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"dieses Wertes zur Änderung aller ID-Abbildungen des Systems führt. Dadurch "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"können Benutzer andere lokale IDs als vorher haben."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_idmap_default_domain_sid (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_idmap_default_domain_sid (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Specify the domain SID of the default domain. This will guarantee that this "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"domain will always be assigned to slice zero in the ID map, bypassing the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"murmurhash algorithm described above."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gibt die Domain-SID der Standard-Domain an. Dies wird sicherstellen, dass "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"diese Domain immer dem Slice null im ID-Abbild zugeordnet wird. Dabei wird "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"der oben beschriebene Murmurhash-Algorithmus umgangen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_idmap_default_domain (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_idmap_default_domain (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Specify the name of the default domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "gibt den Namen der Standard-Domain an."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "ldap_idmap_autorid_compat (boolean)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "ldap_idmap_autorid_compat (Boolesch)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"winbind's <quote>idmap_autorid</quote> algorithm."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ändert das Verhalten des ID-Abbildungsalgorithmus so, dass es dem "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Algorithmus »idmap_autorid« von Winbind ähnlicher ist."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"When this option is configured, domains will be allocated starting with "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"slice zero and increasing monatomically with each additional domain."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Wenn diese Option konfiguriert wurde, werden Domains beginnend bei Slice "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"null reserviert und gleichmäßig mit jeder zusätzlichen Domain vergrößert."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"NOTE: This algorithm is non-deterministic (it depends on the order that "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"users and groups are requested). If this mode is required for compatibility "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"with machines running winbind, it is recommended to also use the "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"least one domain is consistently allocated to slice zero."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"HINWEIS: Der Algorithmus ist nicht deterministisch (er hängt von der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Reihenfolge ab, in der Benutzer und Gruppen abgefragt werden). Falls dieser "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Modus aus Kompatibilitätsgründen mit Maschinen, die Winbind ausführen, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erforderlich ist, wird empfohlen, auch die Option "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_idmap_default_domain_sid« zu verwenden. Dies soll sicherstellen, dass "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"mindestens eine Domain beständig für den Slice null reserviert ist."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekmsgid "ldap_idmap_helper_table_size (integer)"
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Maximal number of secondary slices that is tried when performing mapping "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"from UNIX id to SID."
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"Note: Additional secondary slices might be generated when SID is being "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"mapped to UNIX id and RID part of SID is out of range for secondary slices "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek"then no additional secondary slices are generated."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><title>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Well-Known SIDs"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Bekannte Sicherheits-IDs"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"SSSD supports to look up the names of Well-Known SIDs, i.e. SIDs with a "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"special hardcoded meaning. Since the generic users and groups related to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"those Well-Known SIDs have no equivalent in a Linux/UNIX environment no "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"POSIX IDs are available for those objects."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"SSSD unterstützt das Nachschlagen der Namen sogenannter bekannter "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Sicherheits-IDs, die eine spezielle unveränderliche Bedeutung haben. Da "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"generische Benutzer und Gruppen, die sich auf diese bekannten SIDs beziehen, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"keine Entsprechung in einer Linux/UNIX-Umgebung haben, sind für diese "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Objekte keine POSIX-IDs verfügbar."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The SID name space is organized in authorities which can be seen as "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"different domains. The authorities for the Well-Known SIDs are"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Der SID-Namensraum ist in Autoritäten organisiert, die als unterschiedliche "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Domains betrachtet werden können. Die Autoritäten für die bekannten SIDs sind"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Null Authority"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Null-Autorität (Null Authority)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "World Authority"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Weltweit anerkannte Autorität (World Authority)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Local Authority"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Lokale Autorität (Local Authority)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Creator Authority"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Ersteller-Autorität (Creator Authority)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "NT Authority"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "NT-Autorität (NT Authority)"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "Built-in"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Eingebaut"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The capitalized version of these names are used as domain names when "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"returning the fully qualified name of a Well-Known SID."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Die mit großem Anfangsbuchstaben geschriebenen Versionen dieser Namen werden "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"als Domainnamen verwendet, wenn der voll qualifizierte Name einer bekannten "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Sicherheits-ID zurückgegeben wird."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <refsect1><refsect2><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Since some utilities allow to modify SID based access control information "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"with the help of a name instead of using the SID directly SSSD supports to "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"look up the SID by the name as well. To avoid collisions only the fully "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"qualified names can be used to look up Well-Known SIDs. As a result the "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"names in <filename>sssd.conf</filename>."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Da einige Dienstprogramme die Änderung der Sicherheits-ID-basierten "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Zugriffskontrollinformationen mit Hilfe des Namens ermöglichen, anstelle die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Sicherheits-ID direkt zu verwenden, unterstützt SSSD die Suche nach der SID "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"anhand des Namens ebenfalls. Um Überschneidungen zu vermeiden, können nur "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"voll qualifizierte Namen bei der Suche nach bekannten Sicherheit-IDs "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"verwendet werden. Daher sollten die Domainnamen <quote>NULL AUTHORITY</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"quote>, <quote>WORLD AUTHORITY</quote>, <quote> LOCAL AUTHORITY</quote>, "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>CREATOR AUTHORITY</quote>, <quote>NT AUTHORITY</quote> und "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<quote>BUILTIN</quote> nicht als Domainnamen in <filename>sssd.conf</"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"filename> verwendet werden."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-?</option>,<option>--help</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-?</option>,<option>--help</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#: include/param_help.xml:7 include/param_help_py.xml:7
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Display help message and exit."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "zeigt den Hilfetext und beendet sich."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "<option>-h</option>,<option>--help</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "<option>-h</option>,<option>--help</option>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:3 include/debug_levels_tools.xml:3
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"SSSD supports two representations for specifying the debug level. The "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"simplest is to specify a decimal value from 0-9, which represents enabling "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"that level and all lower-level debug messages. The more comprehensive option "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"is to specify a hexadecimal bitmask to enable or disable specific levels "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"(such as if you wish to suppress a level)."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"SSSD unterstützt zwei Darstellungsmodi für die Angabe der Debug-Stufe. Die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"einfachste ist die Angabe eines Dezimalwerts von 0 bis 9, welche die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Aktivierung der Meldungen der entsprechenden Stufe und aller niederer Stufen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"bewirkt. Eine umfassendere Option ist die Angabe einer hexadezimalen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Bitmaske, um spezifische Stufen zu aktivieren oder zu deaktivieren (wenn Sie "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"beispielsweise eine Stufe unterdrücken wollen)."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"Please note that each SSSD service logs into its own log file. Also please "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"section only enables debugging just for the sssd process itself, not for the "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"responder or provider processes. The <quote>debug_level</quote> parameter "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"should be added to all sections that you wish to produce debug logs from."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <listitem><para>
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"In addition to changing the log level in the config file using the "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"restart, it is also possible to change the debug level on the fly using the "
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek"manvolnum> </citerefentry> tool."
be5cc3c013ece0c957f2f8c28a217052227dfd07Jakub Hrozek#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:29 include/debug_levels_tools.xml:10
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Currently supported debug levels:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "derzeit unterstützte Debug-Stufen:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:32 include/debug_levels_tools.xml:13
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"Anything that would prevent SSSD from starting up or causes it to cease "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Schwerwiegende Fehler. "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Alles was SSSD am Start hindern oder es beenden könnte."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:38 include/debug_levels_tools.xml:19
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"error that doesn't kill SSSD, but one that indicates that at least one major "
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek"feature is not going to work properly."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:45 include/debug_levels_tools.xml:26
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"error announcing that a particular request or operation has failed."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Ernsthafte Fehler. Dies "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"sind Fehler, bei denen eine bestimmte Anfrage oder Operation fehlgeschlagen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:50 include/debug_levels_tools.xml:31
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"are the errors that would percolate down to cause the operation failure of 2."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Kleinere Fehler. Dies "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"sind Fehler, die von geringerer Bedeutung als die fehlgeschlagenen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Operationen in der Stufe 2 sind."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:55 include/debug_levels_tools.xml:36
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Konfigurationseinstellungen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:59 include/debug_levels_tools.xml:40
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Funktionsdaten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:63 include/debug_levels_tools.xml:44
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"operation functions."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Meldungen aus der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Verfolgung von Operationsfunktionen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:67 include/debug_levels_tools.xml:48
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"internal control functions."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Meldungen aus der "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Verfolgung interner Kontrollfunktionen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:72 include/debug_levels_tools.xml:53
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"internal variables that may be interesting."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Inhalte "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"funktionsinterner Variablen, die von Interesse sein könnten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:77 include/debug_levels_tools.xml:58
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"tracing information."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Verfolgungsmeldungen "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"extrem niederster Ebene."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:81 include/debug_levels_tools.xml:62
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"To log required bitmask debug levels, simply add their numbers together as "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"shown in following examples:"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Um die Debug-Stufen nach Bitmaske zu protokollieren, fügen Sie deren Nummern "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"hinzu, wie in den folgenden Beispielen gezeigt:"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:85 include/debug_levels_tools.xml:66
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"serious failures and function data use 0x0270."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>Beispiel</emphasis>: Um fatale, kritische, schwerwiegende Fehler "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"und Funktionsdaten zu protokollieren, benutzen Sie 0x0270."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:89 include/debug_levels_tools.xml:70
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"function data, trace messages for internal control functions use 0x1310."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<emphasis>Beispiel</emphasis>: Um fatale Fehler, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Konfigurationseinstellungen, Funktionsdaten und Verfolgungsnachrichten für "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"interne Steuerfunktionen zu protokollieren, benutzen Sie 0x1310."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:94 include/debug_levels_tools.xml:75
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>Hinweis</emphasis>: Das Bitmasken-Format der Debug-Level wurde in "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"1.7.0 eingeführt."
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek#. type: Content of: <listitem><para>
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek#: include/debug_levels.xml:98 include/debug_levels_tools.xml:79
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozekmsgid "<emphasis>Default</emphasis>: 0"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "<emphasis>Voreinstellung</emphasis>: 0"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: outside any tag (error?)
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"<emphasis> This is an experimental feature, please use https://pagure.io/"
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek"SSSD/sssd/ to report any issues. </emphasis>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><title>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "THE LOCAL DOMAIN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "DIE LOKALE DOMAIN"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"In order to function correctly, a domain with <quote>id_provider=local</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"quote> must be created and the SSSD must be running."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Für korrektes Funktionieren muss eine Domain mit »id_provider=local« "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"erstellt sein und SSSD muss laufen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"The administrator might want to use the SSSD local users instead of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"traditional UNIX users in cases where the group nesting (see <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>) is needed. The local users are also useful for testing and "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"development of the SSSD without having to deploy a full remote server. The "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"local LDB storage to store users and groups."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Möglicherweise möchte der Administrator in Fällen, in denen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Gruppenverschachtelung (siehe <citerefentry> <refentrytitle>sss_groupadd</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>) benötigt wird, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"lokale Benutzer anstelle traditioneller UNIX-Benutzer verwenden. Die lokalen "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Benutzer sind auch für das Testen und Entwickeln von SSSD nützlich, ohne "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"dass ein vollständiger ferner Server bereitgestellt werden muss. Die "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<command>sss_user*</command>- und <command>sss_group*</command>-Werkzeuge "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"benutzen einen lokalen LDB-Speicher, um Benutzer und Gruppen abzulegen."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <refsect1><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>, <citerefentry> <refentrytitle>sssd.conf</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek"<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
5ee3fba0bd812242a1ffe189f5ddf2689e6e6811Jakub Hrozek"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek"citerefentry> </phrase>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"for this attribute type."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"ein optionaler Basis-DN, Gültigkeitsbereich für die Suche und LDAP-Filter, "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"um die LDAP-Suchen für diesen Attributtyp einzuschränken."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "search_base[?Gültigkeitsbereich?[Filter][?Suchbasis?Gültigkeitsbereich?[Filter]]*]\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek"functions as specified in section 4.5.1.2 of http://tools.ietf.org/html/"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Der Bereich kann entweder »base«, »onlevel« oder »subtree« sein. Die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Bereiche funktionieren wie im Abschnitt 4.5.1.2 auf http://tools.ietf.org/"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"For examples of this syntax, please refer to the <quote>ldap_search_base</"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"quote> examples section."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Beispiele für diese Syntax finden Sie im Beispielabschnitt von "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"»ldap_search_base«."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that specifying scope or filter is not supported for searches "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"against an Active Directory Server that might yield a large number of "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"results and trigger the Range Retrieval extension in the response."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass die Angabe von Gültigkeitsbereich oder Filter nicht "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"beim Suchen auf einem Active-Directory-Server unterstützt wird, der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"möglicherweise eine große Anzahl an Ergebnissen zurückliefern und in der "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Antwort die Erweiterung »Range Retrieval« auslösen könnte."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Please note that the automounter only reads the master map on startup, so if "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"any autofs-related changes are made to the sssd.conf, you typically also "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"need to restart the automounter daemon after restarting the SSSD."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Bitte beachten Sie, dass der Automounter beim Start nur die Master-Abbildung "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"liest. Daher müssen Sie normalerweise, falls irgendwelche zu Autofs "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"gehörigen Änderungen in der »sssd.conf« vorgenommen wurden, den Automounter-"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Daemon nach dem SSSD-Neustart ebenfalls neu starten."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "override_homedir (string)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "override_homedir (Zeichenkette)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "UID number"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "UID-Nummer"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "domain name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "Domain-Name"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "fully qualified user name (user@domain)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "voll qualifizierter Benutzername (Benutzer@Domain)"
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozekmsgid "The first letter of the login name."
4c9419d98b89a6161a3dde11f9f80be39d12e72aJakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
fbeb1aba9e11e7aab8adac943276ca040f0c5311Jakub Hrozekmsgid "UPN - User Principal Name (name@REALM)"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "The original home directory retrieved from the identity provider."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgstr "das Original-Home-Verzeichnis, das vom Identitätsanbieter geholt wurde"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "The value of configure option <emphasis>homedir_substring</emphasis>."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Der Wert der Konfigurationsoption <emphasis>homedir_substring</emphasis>."
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"Override the user's home directory. You can either provide an absolute value "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"or a template. In the template, the following sequences are substituted: "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"<placeholder type=\"variablelist\" id=\"0\"/>"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"setzt das Home-Verzeichnis des Benutzers außer Kraft. Sie können entweder "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"einen absoluten Wert oder eine Schablone bereitstellen. In der Schablone "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"werden die folgenden Sequenzen ersetzt: <placeholder type=\"variablelist\" "
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para><programlisting>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"override_homedir = /home/%u\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik"override_homedir = /home/%u\n"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#. type: Content of: <varlistentry><listitem><para>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnikmsgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Voreinstellung: nicht gesetzt (SSSD wird den von LDAP geholten Wert benutzen)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><term>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "homedir_substring (string)"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "homedir_substring (Zeichenkette)"
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"The value of this option will be used in the expansion of the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"<emphasis>override_homedir</emphasis> option if the template contains the "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"contain this template so that this option can be used to expand the home "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"directory path for each client machine (or operating system). It can be set "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"per-domain or globally in the [nss] section. A value specified in a domain "
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek"section will override one set in the [nss] section."
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Der Wert dieser Option wird als Auflösung der Option "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"<emphasis>override_homedir</emphasis> verwendet, falls die Vorlage die "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Formatzeichenkette <emphasis>%H</emphasis> enthält. Ein LDAP-"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Verzeichniseintrag kann diese Schablone direkt enthalten, so dass diese "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"Option zum Auflösen des Pfades zum Home-Verzeichnis für jeden Client-Rechner "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"(oder Betriebssystem) verwendet werden kann. Sie kann pro-Domain oder global "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"im Abschnitt [nss] gesetzt werden. Ein im Domain-Abschnitt angegebener Wert "
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozek"setzt jenen im [nss]-Abschnitt außer Kraft."
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek#. type: Content of: <varlistentry><listitem><para>
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozekmsgid "Default: /home"
06c1952db1ab5598e3d68132f9c846bc59c94ef7Jakub Hrozekmsgstr "Voreinstellung: /home"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:2 include/ipa_modified_defaults.xml:2
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "MODIFIED DEFAULT OPTIONS"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Certain option defaults do not match their respective backend provider "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"defaults, these option names and AD provider-specific defaults are listed "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:9 include/ipa_modified_defaults.xml:9
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "KRB5 Provider"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:13 include/ipa_modified_defaults.xml:13
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_validate = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_use_enterprise_principal = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "LDAP Provider"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_schema = ad"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:33 include/ipa_modified_defaults.xml:38
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_force_upper_case_realm = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_id_mapping = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_sasl_mech = gssapi"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_referrals = false"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_account_expire_policy = ad"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#: include/ad_modified_defaults.xml:58 include/ipa_modified_defaults.xml:58
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_use_tokengroups = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"Certain option defaults do not match their respective backend provider "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek"defaults, these option names and IPA provider-specific defaults are listed "
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_use_fast = try"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "krb5_canonicalize = true"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "LDAP Provider - General"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_schema = ipa_v1"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_sasl_mech = GSSAPI"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_sasl_minssf = 56"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_account_expire_policy = ipa"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "LDAP Provider - User options"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_user_member_of = memberOf"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_user_uuid = ipaUniqueID"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_user_ssh_public_key = ipaSshPubKey"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_user_auth_type = ipaUserAuthType"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><title>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "LDAP Provider - Group options"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_object_class = ipaUserGroup"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_object_class_alt = posixGroup"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_member = member"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_uuid = ipaUniqueID"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozekmsgid "ldap_group_external_member = ipaExternalMember"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#~ "Determines if a domain can be enumerated. This parameter can have one of "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#~ "the following values:"
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#~ "bestimmt, ob eine Domain aufgezählt werden kann. Dieser Parameter kann "
7465d6a1ef6e83825dba3a4dc4dda7271671aba0Jakub Hrozek#~ "einen der folgenden Werte haben:"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "running."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "<command>sss_debuglevel</command> ändert die Debug-Stufe des SSSD-"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "Überwachungsmonitors und Anbieters auf <replaceable>NEUE_DEBUG_STUFE</"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ "replaceable> während SSSD ausgeführt wird."
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
9a839b29816c8906d4a6b074cf76df790cac9209Jakub Hrozek#~ msgstr "<replaceable>NEUE_DEBUG_STUFE</replaceable>"