#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "the configuration file for SSSD"
msgstr "El archivo de configuración de SSSD"
#. type: Content of: <reference><refentry><refsect1><title>
msgstr "Formato de archivo"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"<replaceable>[section]</replaceable>\n"
"<replaceable>key</replaceable> = <replaceable>value</replaceable>\n"
"<replaceable>key2</replaceable> = <replaceable>value2,value3</replaceable>\n"
#. type: Content of: <reference><refentry><refsect1><para>
"The file has an ini-style syntax and consists of sections and parameters. A "
"section begins with the name of the section in square brackets and continues "
"until the next section begins. An example of section with single and multi-"
"valued parameters: <placeholder type=\"programlisting\" id=\"0\"/>"
"El archivo posee una sintaxis de tipo ini consistente de secciones y "
"parámetros. Una sección comienza con el nombre de dicha sección colocado "
"entre corchetes, y continua hasta que comienza la próxima sección. Este es "
"un ejemplo de una sección con parámetros de valores simples y múltiples: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
"The data types used are string (no quotes needed), integer and bool (with "
"Los tipos de datos utilizados son cadenas (no es necesario ingresarlos entre "
"comillas), enteros o booleanos (cuyos valores son <quote>
TRUE/FALSE</quote>)."
#. type: Content of: <reference><refentry><refsect1><para>
"A line comment starts with a hash sign (<quote>#</quote>) or a semicolon "
"(<quote>;</quote>). Inline comments are not supported."
"Una línea de comentario comienza con una almohadilla (<quote>#</quote>) o un "
"punto y coma (<quote>;</quote>). No se soportan los comentarios en línea."
#. type: Content of: <reference><refentry><refsect1><para>
"All sections can have an optional <replaceable>description</replaceable> "
"parameter. Its function is only as a label for the section."
"Todas las secciones pueden tener un parámetro opcional de "
"<replaceable>descripción</replaceable>. Su función es solo la de servir como "
"etiqueta a tal sección."
#. type: Content of: <reference><refentry><refsect1><para>
"<filename>
sssd.conf</filename> must be a regular file, owned by root and "
"only root may read from or write to the file."
"<filename>
sssd.conf</filename> debe ser un archivo regular, cuyo dueño sea "
"el usuario root, y sólo este usuario podrá tener permisos de lectura y "
#. type: Content of: <reference><refentry><refsect1><title>
msgid "CONFIGURATION SNIPPETS FROM INCLUDE DIRECTORY"
#. type: Content of: <reference><refentry><refsect1><para>
"The configuration file <filename>
sssd.conf</filename> will include "
"configuration snippets using the include directory <filename>
conf.d</"
"filename>. This feature is available if SSSD was compiled with libini "
"version 1.3.0 or later."
#. type: Content of: <reference><refentry><refsect1><para>
"Any file placed in <filename>
conf.d</filename> that ends in "
"<quote><filename>.conf</filename></quote> and does not begin with a dot "
"(<quote>.</quote>) will be used together with <filename>
sssd.conf</filename> "
#. type: Content of: <reference><refentry><refsect1><para>
"The configuration snippets from <filename>
conf.d</filename> have higher "
"priority than <filename>
sssd.conf</filename> and will override "
"<filename>
sssd.conf</filename> when conflicts occur. If several snippets are "
"present in <filename>
conf.d</filename>, then they are included in "
"alphabetical order (based on locale). Files included later have higher "
"<filename>
02_snippet.conf</filename> etc.) can help visualize the priority "
"(higher number means higher priority)."
#. type: Content of: <reference><refentry><refsect1><para>
"The snippet files require the same owner and permissions as <filename>sssd."
"conf</filename>. Which are by default root:root and 0600."
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
msgid "Following options are usable in more than one configuration sections."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "Options usable in all sections"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "debug_level (integer)"
msgstr "debug_level (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"SSSD 1.14 and later also includes the <replaceable>debug</replaceable> alias "
"for <replaceable>debug_level</replaceable> as a convenience feature. If both "
"are specified, the value of <replaceable>debug_level</replaceable> will be "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "debug_timestamps (bool)"
msgstr "debug_timestamps (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Add a timestamp to the debug messages. If journald is enabled for SSSD "
"debug logging this option is ignored."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: true"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "debug_microseconds (bool)"
msgstr "debug_microseconds (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Add microseconds to the timestamp in debug messages. If journald is enabled "
"for SSSD debug logging this option is ignored."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: false"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
msgid "<placeholder type=\"variablelist\" id=\"0\"/>"
msgstr "<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "Options usable in SERVICE and DOMAIN sections"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "timeout (integer)"
msgstr "timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Timeout in seconds between heartbeats for this service. This is used to "
"ensure that the process is alive and capable of answering requests. Note "
"that after three missed heartbeats the process will terminate itself."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 10"
#. type: Content of: <reference><refentry><refsect1><title>
msgstr "SECCIONES ESPECIALES"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "The [sssd] section"
msgstr "La sección [sssd]"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
msgid "Section parameters"
msgstr "Parámetros de sección"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "config_file_version (integer)"
msgstr "config_file_version (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Indicates what is the syntax of the config file. SSSD 0.6.0 and later use "
"Indica cuál es la sintaxis del archivo de configuración. SSSD 0.6.0 y "
"posteriores utilizan una versión 2."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Comma separated list of services that are started when sssd itself starts. "
"<phrase condition=\"have_systemd\"> The services' list is optional on "
"platforms where systemd is supported, as they will either be socket or D-Bus "
"activated when needed. </phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Supported services: nss, pam <phrase condition=\"with_sudo\">, sudo</phrase> "
"<phrase condition=\"with_autofs\">, autofs</phrase> <phrase condition="
"\"with_ssh\">, ssh</phrase> <phrase condition=\"with_pac_responder\">, pac</"
"phrase> <phrase condition=\"with_ifp\">, ifp</phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"<phrase condition=\"have_systemd\"> By default, all services are disabled "
"and the administrator must enable the ones allowed to be used by executing: "
"\"systemctl enable sssd-@service@.socket\". </phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "reconnection_retries (integer)"
msgstr "reconnection_retries (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Number of times services should attempt to reconnect in the event of a Data "
"Provider crash or restart before they give up"
"Cantidad de intentos de reconexión de los servicios ante una eventual caída "
"de datos del proveedor, o de reiniciarse antes de abandonar"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 3"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"A domain is a database containing user information. SSSD can use more "
"domains at the same time, but at least one must be configured or SSSD won't "
"start. This parameter describes the list of domains in the order you want "
"them to be queried. A domain name should only consist of alphanumeric ASCII "
"characters, dashes, dots and underscores."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "re_expression (string)"
msgstr "re_expression (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Default regular expression that describes how to parse the string containing "
"user name and domain into these components."
"Expresión regular por defecto que describe como analizar la cadena que "
"contiene el nombre de usuario y el dominio en estos componentes."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Each domain can have an individual regular expression configured. For some "
"ID providers there are also default regular expressions. See DOMAIN SECTIONS "
"for more info on these regular expressions."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "full_name_format (string)"
msgstr "full_name_format (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A <citerefentry> <refentrytitle>printf</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry>-compatible format that describes how to compose a "
"fully qualified name from user name and domain name components."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "domain name as specified in the SSSD config file."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"domain flat name. Mostly usable for Active Directory domains, both directly "
"configured or discovered via IPA trusts."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The following expansions are supported: <placeholder type=\"variablelist\" "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Each domain can have an individual format string configured. see DOMAIN "
"SECTIONS for more info on this option."
"Cada dominio puede tener una cadena de formato individual configurar. Vea "
"SECCIONES DOMINIO para más información sobre esta opción."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "try_inotify (boolean)"
msgstr "try_inotify (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"SSSD monitors the state of
resolv.conf to identify when it needs to update "
"its internal DNS resolver. By default, we will attempt to use inotify for "
"this, and will fall back to polling
resolv.conf every five seconds if "
"inotify cannot be used."
"SSSD monitorea el estado de
resolv.conf para saber cuando es necesario "
"actualizar su resolutor DNS interno. Por defecto, intentaremos utilizar para "
"ello la herramienta inotify, quien consultará a
resolv.conf cada cinco "
"segundos en caso que inotify no pueda ser utilizado."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"There are some limited situations where it is preferred that we should skip "
"even trying to use inotify. In these rare cases, this option should be set "
"Existen algunas pocas situaciones en donde lo preferible es evitar el uso de "
"inotify. En estas raras excepciones, la opción debería ser definida en "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Default: true on platforms where inotify is supported. False on other "
"Predeterminado: 'true' en plataformas donde inotify tenga soporte. 'False' "
"en el resto de las plataformas."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Note: this option will have no effect on platforms where inotify is "
"unavailable. On these platforms, polling will always be used."
"Nota: esta opción no tendrá efecto en plataformas donde inotify no se "
"encuenytre disponible. En estas plataformas, la consulta (polling) será "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "krb5_rcache_dir (string)"
msgstr "krb5_rcache_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Directory on the filesystem where SSSD should store Kerberos replay cache "
"Directorio en el sistema de archivos donde SSSD debería guardar fichero de "
"reproducción de cache de Kerberos."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This option accepts a special value __LIBKRB5_DEFAULTS__ that will instruct "
"SSSD to let libkrb5 decide the appropriate location for the replay cache."
"Esta opción acepta un valor especial __LIBKRB5_DEFAULTS__ que instruirá a "
"SSSD para dejar a libkrb5 decidir la localización apropiada del escondrijo "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Default: Distribution-specific and specified at build-time. "
"(__LIBKRB5_DEFAULTS__ if not configured)"
"Por defecto: Distribución específica y especificado en la acumulación de "
"tiempo. (si no se configura __LIBKRB5_DEFAULTS__)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"The user to drop the privileges to where appropriate to avoid running as the "
"root user. <phrase condition=\"have_systemd\"> This option does not work "
"when running socket-activated services, as the user set up to run the "
"processes is set up during compilation time. The way to override the "
"systemd unit files is by creating the appropriate files in
/etc/systemd/"
"system/. Keep in mind that any change in the socket user, group or "
"permissions may result in a non-usable SSSD. The same may occur in case of "
"changes of the user running the NSS responder. </phrase>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: not set, process will run as root"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "default_domain_suffix (string)"
msgstr "default_domain_suffix (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This string will be used as a default domain name for all names without a "
"domain name component. The main use case is environments where the primary "
"domain is intended for managing host policies and all users are located in a "
"trusted domain. The option allows those users to log in just with their "
"user name without giving a domain name as well."
"Esta cadena será usada como nombre de dominio por defecto para todos los "
"nombre sin un componente de nombre de dominio. El principal caso de uso es "
"en entornos donde el dominio principal está dirigido a gestionar las "
"políticas de host y todos los usuarios están localizados en un dominio "
"confiable. La opción permite a esos usuarios acceder sólo con su nombre de "
"usuario sin dar también un nombre de dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Please note that if this option is set all users from the primary domain "
"have to use their fully qualified name,
e.g. user@domain.name, to log in. "
"Setting this option changes default of use_fully_qualified_names to True. It "
"is not allowed to use this option together with use_fully_qualified_names "
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: no definido"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "override_space (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This parameter will replace spaces (space bar) with the given character for "
"user and group names.
e.g. (_). User name "john doe" will be "
""john_doe" This feature was added to help compatibility with shell "
"scripts that have difficulty handling spaces, due to the default field "
"separator in the shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Please note it is a configuration error to use a replacement character that "
"might be used in user or group names. If a name contains the replacement "
"character SSSD tries to return the unmodified name but in general the result "
"of a lookup is undefined."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: not set (spaces will not be replaced)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "certificate_verification (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"Disables Online Certificate Status Protocol (OCSP) checks. This might be "
"needed if the OCSP servers defined in the certificate are not reachable from "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"Disables verification completely. This option should only be used for "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
msgid "ocsp_default_responder=URL"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"Sets the OCSP default responder which should be used instead of the one "
"mentioned in the certificate. URL must be replaced with the URL of the OCSP "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"This option must be used together with ocsp_default_responder_signing_cert."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
msgid "ocsp_default_responder_signing_cert=NAME"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"The nickname of the cert to trust (expected) to sign the OCSP responses. "
"The certificate with the given nickname must be available in the systems NSS "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "This option must be used together with ocsp_default_responder."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"With this parameter the certificate verification can be tuned with a comma "
"separated list of options. Supported options are: <placeholder type="
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Unknown options are reported but ignored."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: not set,
i.e. do not restrict certificate verification"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "disable_netlink (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"SSSD hooks into the netlink interface to monitor changes to routes, "
"addresses, links and trigger certain actions."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"The SSSD state changes caused by netlink events may be undesirable and can "
"be disabled by setting this option to 'true'"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: false (netlink changes are detected)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "enable_files_domain (boolean)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"When this option is enabled, SSSD prepends an implicit domain with "
"<quote>id_provider=files</quote> before any explicitly configured domains."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "domain_resolution_order"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Comma separated list of domains and subdomains representing the lookup order "
"that will be followed. The list doesn't have to include all possible "
"domains as the missing domains will be looked up based on the order they're "
"presented in the <quote>domains</quote> configuration option. The "
"subdomains which are not listed as part of <quote>lookup_order</quote> will "
"be looked up in a random order for each parent domain."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Please, note that when this option is set the output format of all commands "
"is always fully-qualified even when using short names for input. In case "
"the administrator wants the output not fully-qualified, the full_name_format "
"option can be used as shown below: <quote>full_name_format=%1$s</quote> "
"However, keep in mind that during login, login applications often "
"canonicalize the username by calling <citerefentry> <refentrytitle>getpwnam</"
"refentrytitle> <manvolnum>3</manvolnum> </citerefentry> which, if a "
"shortname is returned for a qualified input (while trying to reach a user "
"which exists in multiple domains) might re-route the login attempt into the "
"domain which users shortnames, making this workaround totally not "
"recommended in cases where usernames may overlap between domains."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"Individual pieces of SSSD functionality are provided by special SSSD "
"services that are started and stopped together with SSSD. The services are "
"managed by a special service frequently called <quote>monitor</quote>. The "
"<quote>[sssd]</quote> section is used to configure the monitor as well as "
"some other important options like the identity domains. <placeholder type="
"\"variablelist\" id=\"0\"/>"
"Trozos individuales de funcionalidad SSSD son suministrados por servicios "
"especiales SSSD que se inician y parar junto a SSSD. Los servicios son "
"gestionados por un servicio especial frecuentemente llamado <quote>monitor</"
"quote>. La sección <quote>[sssd]</quote> se usa para configurar el monitor "
"así como algunas otras opciones importantes como la identidad de dominios. "
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "SERVICES SECTIONS"
msgstr "SECCIONES DE SERVICIOS"
#. type: Content of: <reference><refentry><refsect1><para>
"Settings that can be used to configure different services are described in "
"this section. They should reside in the [<replaceable>$NAME</replaceable>] "
"section, for example, for NSS service, the section would be <quote>[nss]</"
"Los ajustes que pueden ser utilizados para configurar diferentes servicios "
"se describe en esta sección. Ellos deben residir en la sección [<replaceable>"
"$NAME</replaceable>], por ejemplo, para el servicio NSS, la sección sería "
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "General service configuration options"
msgstr "Opciones de configuración de servicios generales"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
msgid "These options can be used to configure any service."
msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"This option specifies the maximum number of file descriptors that may be "
"opened at one time by this SSSD process. On systems where SSSD is granted "
"the CAP_SYS_RESOURCE capability, this will be an absolute setting. On "
"systems without this capability, the resulting value will be the lower value "
"Esta opción especifica el número máximo de descriptores de ficheros que "
"pueden ser abiertos a la vez por este proceso SSSD. Sobre sistemas donde "
"SSSD ha alcanzado la capacidad CAP_SYS_RESOURCE, este será un ajuste "
"absoluto. Sobre sistemas sin esta capacidad, el valor resultante será el "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Por defecto: 8192 (o limite “hard” en
limits.conf)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "client_idle_timeout"
msgstr "client_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"This option specifies the number of seconds that a client of an SSSD process "
"can hold onto a file descriptor without communicating on it. This value is "
"limited in order to avoid resource exhaustion on the system. The timeout "
"can't be shorter than 10 seconds. If a lower value is configured, it will be "
"adjusted to 10 seconds."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 60"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "offline_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"When SSSD switches to offline mode the amount of time before it tries to go "
"back online will increase based upon the time spent disconnected. This "
"value is in seconds and calculated by the following:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "offline_timeout + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The random offset can increment up to 30 seconds. After each unsuccessful "
"attempt to go online, the new interval is recalculated by the following:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "new_interval = old_interval*2 + random_offset"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Note that the maximum length of each interval is currently limited to one "
"hour. If the calculated length of new_interval is greater than an hour, it "
"will be forced to one hour."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "responder_idle_timeout"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"This option specifies the number of seconds that an SSSD responder process "
"can be up without being used. This value is limited in order to avoid "
"resource exhaustion on the system. The minimum acceptable value for this "
"option is 60 seconds. Setting this option to 0 (zero) means that no timeout "
"will be set up to the responder. This option only has effect when SSSD is "
"built with systemd support and when services are either socket or D-Bus "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 300"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"This option specifies whether the responder should query all caches before "
"querying the Data Providers."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "NSS configuration options"
msgstr "Opciones de configuración de NSS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"These options can be used to configure the Name Service Switch (NSS) service."
"Estas opciones pueden ser usadas para configurar el servicio Name Service "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "enum_cache_timeout (integer)"
msgstr "enum_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"How many seconds should nss_sss cache enumerations (requests for info about "
"Cuantos segundos ocultaría enumeraciones nss_sss (peticiones de información "
"sobre todos los usuarios)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 120"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "entry_cache_nowait_percentage (integer)"
msgstr "entry_cache_nowait_percentage (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The entry cache can be set to automatically update entries in the background "
"if they are requested beyond a percentage of the entry_cache_timeout value "
"La entrada a la cache puede ser fijada automáticamente para actualizar "
"entradas en segundo plano si hay peticiones más allá de un porcentanje del "
"valor de entry_cache_timeout para el dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"For example, if the domain's entry_cache_timeout is set to 30s and "
"entry_cache_nowait_percentage is set to 50 (percent), entries that come in "
"after 15 seconds past the last cache update will be returned immediately, "
"but the SSSD will go and update the cache on its own, so that future "
"requests will not need to block waiting for a cache update."
"Por ejemplo, si entry_cache_timeout del dominio está fijado a 30 y "
"entry_cache_nowait_percentage está fijado a 50 (por ciento), las entradas "
"que vengan después de 15 segundos pasado el último cache serán devueltas "
"inmediatamente, pero SSSD irá y actualizará el cache por el mismo, de modo "
"que las futuras peticiones no necesitarán bloquearse a la espera de una "
"actualización del cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Valid values for this option are 0-99 and represent a percentage of the "
"entry_cache_timeout for each domain. For performance reasons, this "
"percentage will never reduce the nowait timeout to less than 10 seconds. (0 "
"Los valores válidos para esta opción son 0-99 y representan un porcentaje de "
"entry_cache_timeout para cada dominio. Por razones de rendimiento, este "
"porcentaje nunca reducirá el tiempo de salida de no espera a menos de 10 "
"segundos. (0 deshabilita esta función)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 50"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "entry_negative_timeout (integer)"
msgstr "entry_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Specifies for how many seconds nss_sss should cache negative cache hits "
"(that is, queries for invalid database entries, like nonexistent ones) "
"before asking the back end again."
"Especifica por cuantos segundos nss_sss escondería golpes negativos al cache "
"(esto es, consultas para entradas no válidas a la base de datos, como "
"entradas no existentes) antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 15"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "local_negative_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Specifies for how many seconds nss_sss should keep local users and groups in "
"negative cache before trying to look it up in the back end again."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 0"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "filter_users, filter_groups (string)"
msgstr "filter_users, filter_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Exclude certain users or groups from being fetched from the sss NSS "
"database. This is particularly useful for system accounts. This option can "
"also be set per-domain or include fully-qualified names to filter only users "
"from the particular domain."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"NOTE: The filter_groups option doesn't affect inheritance of nested group "
"members, since filtering happens after they are propagated for returning via "
"NSS.
E.g. a group having a member group filtered out will still have the "
"member users of the latter listed."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: root"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "filter_users_in_groups (bool)"
msgstr "filter_users_in_groups (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"If you want filtered user still be group members set this option to false."
"Si usted desea filtrar usuarios aunque sean miembros del grupo, fije esta "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "fallback_homedir (string)"
msgstr "fallback_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Set a default template for a user's home directory if one is not specified "
"explicitly by the domain's data provider."
"Fija la plantilla por defecto para el direcorio home del usuario si no se ha "
"especificado una explícitamente por el proveedor de datos del dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The available values for this option are the same as for override_homedir."
"Los valores disponibles para esta opción son los mismos que para "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
"fallback_homedir = /home/%u\n"
"fallback_homedir = /home/%u\n"
#. type: Content of: <varlistentry><listitem><para>
msgid "example: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "ejemplo: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: not set (no substitution for unset home directories)"
"Por defecto: no fijado (sin sustitución para los directorios home no fijados)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "override_shell (string)"
msgstr "override_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Override the login shell for all users. This option supersedes any other "
"shell options if it takes effect and can be set either in the [nss] section "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: not set (SSSD will use the value retrieved from LDAP)"
msgstr "Por defecto: no fijado (SSSD usará el valor recuperado desde LDAP)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "allowed_shells (string)"
msgstr "allowed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Restrict user shell to one of the listed values. The order of evaluation is:"
"Restringe la shell de usuario a uno de los valores listados. El orden de "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "1. If the shell is present in <quote>
/etc/shells</quote>, it is used."
msgstr "1. Si el shell está presente en <quote>
/etc/shells</quote>, se usa."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"2. If the shell is in the allowed_shells list but not in <quote>
/etc/shells</"
"quote>, use the value of the shell_fallback parameter."
"2. Si el shell está en la lista allowed_shells pero no en <quote>/etc/"
"shells</quote>, usa el valor del parámetro shell_fallback."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"3. If the shell is not in the allowed_shells list and not in <quote>/etc/"
"shells</quote>, a nologin shell is used."
"3. Si el shell no está en la lista allowed_shells y tampoco en <quote>/etc/"
"shells</quote>, se usará un shell de no acceso."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "The wildcard (*) can be used to allow any shell."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The (*) is useful if you want to use shell_fallback in case that user's "
"shell is not in <quote>
/etc/shells</quote> and maintaining list of all "
"allowed shells in allowed_shells would be to much overhead."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "An empty string for shell is passed as-is to libc."
msgstr "Una cadena vacía para el shell se pasa como-es a libc."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The <quote>
/etc/shells</quote> is only read on SSSD start up, which means "
"that a restart of the SSSD is required in case a new shell is installed."
"<quote>
/etc/shells</quote> es de sólo lectura en el inicio SSSD, lo que "
"significa que se requiere el reinicio del SSSD en el caso de que se instale "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: Not set. The user shell is automatically used."
msgstr "Por defecto: No fijado. La shell del usuario se usa automáticamente."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "vetoed_shells (string)"
msgstr "vetoed_shells (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Replace any instance of these shells with the shell_fallback"
msgstr "Reemplaza cualquier instancia de estos shells con shell_fallback"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "shell_fallback (string)"
msgstr "shell_fallback (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The default shell to use if an allowed shell is not installed on the machine."
"La shell por defecto a usar si una shell permitida no está instalada en la "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The default shell to use if the provider does not return one during lookup. "
"This option can be specified globally in the [nss] section or per-domain."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Default: not set (Return NULL if no shell is specified and rely on libc to "
"substitute something sensible when necessary, usually
/bin/sh)"
"Por defecto: no fijado (Devuelve NULL si no se ha especificado una shell y "
"confía en libc para sustituir algo sensible cuando sea necesario, "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "get_domains_timeout (int)"
msgstr "get_domains_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Specifies time in seconds for which the list of subdomains will be "
"Especifica el tiempo en segundos por los cuales la lista de subdominios será "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "memcache_timeout (int)"
msgstr "memcache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Specifies time in seconds for which records in the in-memory cache will be "
"valid. Setting this option to zero will disable the in-memory cache."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"WARNING: Disabling the in-memory cache will have significant negative impact "
"on SSSD's performance and should only be used for testing."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"NOTE: If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", "
"client applications will not use the fast in-memory cache."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "user_attributes (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Some of the additional NSS responder requests can return more attributes "
"than just the POSIX ones defined by the NSS interface. The list of "
"attributes is controlled by this option. It is handled the same way as the "
"<quote>user_attributes</quote> option of the InfoPipe responder (see "
"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for details) but with no default values."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"To make configuration more easy the NSS responder will check the InfoPipe "
"option if it is not set for the NSS responder."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: not set, fallback to InfoPipe option"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The value that NSS operations that return users or groups will return for "
"the <quote>password</quote> field."
#. type: Content of: <varlistentry><listitem><para>
msgid "This option can also be set per-domain."
msgstr "Esta opción puede ser también fijada por dominio."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Default: <quote>*</quote> (remote domains) or <quote>x</quote> (the files "
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "PAM configuration options"
msgstr "Opciones de configuración PAM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"These options can be used to configure the Pluggable Authentication Module "
"Estas opciones pueden ser usadas para configurar el servicio Pluggable "
"Authentication Module (PAM)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "offline_credentials_expiration (integer)"
msgstr "offline_credentials_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"If the authentication provider is offline, how long should we allow cached "
"logins (in days since the last successful online login)."
"Si la autenticación del proveedor es fuera de línea, cuanto permitiríamos "
"los accesos escondidos (en días desde el último login en línea con éxito)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: 0 (No limit)"
msgstr "Predeterminado: 0 (Sin límite)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "offline_failed_login_attempts (integer)"
msgstr "offline_failed_login_attempts (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"If the authentication provider is offline, how many failed login attempts "
"Si la autenticación del proveedor es fuera de línea, cuantos intentos de "
"login fallados están permitidos."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "offline_failed_login_delay (integer)"
msgstr "offline_failed_login_delay (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The time in minutes which has to pass after offline_failed_login_attempts "
"has been reached before a new login attempt is possible."
"El tiempo en minutos que ha de pasar después de que "
"offline_failed_login_attempts ha sido alcanzado antes de que un nuevo "
"intento de login sea posible."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"If set to 0 the user cannot authenticate offline if "
"offline_failed_login_attempts has been reached. Only a successful online "
"authentication can enable offline authentication again."
"Si se fija en 0 el usuario no puede autenticarse fuerta de línea si se ha "
"alcanzado offline_failed_login_attempts. Sólo una autenticación en línea con "
"éxito puede habilitar otra vez la autenticación fuera de línea."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 5"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_verbosity (integer)"
msgstr "pam_verbosity (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Controls what kind of messages are shown to the user during authentication. "
"The higher the number to more messages are displayed."
"Controla qué tipo de mensajes se muestra al usuario durante la "
"autenticación. Cuanto mayor sea el número de mensajes más aparecen."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Currently sssd supports the following values:"
msgstr "Actualmente sssd soporta los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "<emphasis>0</emphasis>: do not show any message"
msgstr "<emphasis>0</emphasis>: no mostrar ningún mensaje"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "<emphasis>1</emphasis>: show only important messages"
msgstr "<emphasis>1</emphasis>: mostrar sólo mensajes importantes"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "<emphasis>2</emphasis>: show informational messages"
msgstr "<emphasis>2</emphasis>: mostrar mensajes informativos"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "<emphasis>3</emphasis>: show all messages and debug information"
"<emphasis>3</emphasis>: mostrar todos los mensajes e información de "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 1"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_response_filter (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"A comma separated list of strings which allows to remove (filter) data sent "
"by the PAM responder to pam_sss PAM module. There are different kind of "
"responses sent to pam_sss
e.g. messages displayed to the user or environment "
"variables which should be set by pam_sss."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"While messages already can be controlled with the help of the pam_verbosity "
"option this option allows to filter out other kind of responses as well."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "Do not send any environment variables to any service."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "Do not send environment variable var_name to any service."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
msgid "ENV:var_name:service"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "Do not send environment variable var_name to service."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Currently the following filters are supported: <placeholder type="
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Example: ENV:KRB5CCNAME:sudo-i"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_id_timeout (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"For any PAM request while SSSD is online, the SSSD will attempt to "
"immediately update the cached identity information for the user in order to "
"ensure that authentication takes place with the latest information."
"Para cualquier petición PAM mientras SSSD está en línea, SSSD intentará "
"inmediatamente actualizar la información de identidad escondida por el "
"usuario con el objetivo de asegurar que la autenticación tiene lugar con la "
"información más actual."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"A complete PAM conversation may perform multiple PAM requests, such as "
"account management and session opening. This option controls (on a per-"
"client-application basis) how long (in seconds) we can cache the identity "
"information to avoid excessive round-trips to the identity provider."
"Una conversación PAM completa puede llevar a cabo múltiples peticiones PAM, "
"como gestión de cuenta y apertura de sesión. Esta opción controla (sobre una "
"base de por cliente-aplicación) cuanto (en segundos) podemos esconder la "
"información de identidad para evitar excesivos viajes de ida y vuelata al "
"proveedor de identidad."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_pwd_expiration_warning (integer)"
msgstr "pam_pwd_expiration_warning (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Display a warning N days before the password expires."
msgstr "Mostrar una advertencia N días antes que la contraseña caduque."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning."
"Por favor advierta que el servidor de punto final tiene que suministrar "
"información sobre el tiempo de expiración de la contraseña. Si esta "
"información desaparece, sssd no podrá mostrar un aviso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If zero is set, then this filter is not applied,
i.e. if the expiration "
"warning was received from backend server, it will automatically be displayed."
"Si está fijado cero, no se aplicará el filtro, esto es si se recibe una "
"advertencia de expiración desde el servidor final, se mostrará "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"This setting can be overridden by setting <emphasis>pwd_expiration_warning</"
"emphasis> for a particular domain."
"Este ajuste puede ser anulado por el ajuste "
"<emphasis>pwd_expiration_warning</emphasis> para un dominio concreto."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_trusted_users (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Specifies the comma-separated list of UID values or user names that are "
"allowed to run PAM conversations against trusted domains. Users not "
"included in this list can only access domains marked as public with "
"<quote>pam_public_domains</quote>. User names are resolved to UIDs at "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: All users are considered trusted by default"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Please note that UID 0 is always allowed to access the PAM responder even in "
"case it is not in the pam_trusted_users list."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_public_domains (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Specifies the comma-separated list of domain names that are accessible even "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Two special values for pam_public_domains option are defined:"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"all (Untrusted users are allowed to access all domains in PAM responder.)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"none (Untrusted users are not allowed to access any domains PAM in "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: none"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_account_expired_message (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Allows a custom expiration message to be set, replacing the default "
"'Permission denied' message."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Note: Please be aware that message is only printed for the SSH service "
"unless pam_verbosity is set to 3 (show all messages and debug information)."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
"pam_account_expired_message = Account expired, please contact help desk.\n"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_account_locked_message (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Allows a custom lockout message to be set, replacing the default 'Permission "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para><programlisting>
"pam_account_locked_message = Account locked, please contact help desk.\n"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_cert_auth (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Enable certificate based Smartcard authentication. Since this requires "
"additional communication with the Smartcard which will delay the "
"authentication process this option is disabled by default."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
msgstr "Por defecto: False"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_cert_db_path (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The path to the certificate database which contain the PKCS#11 modules to "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "p11_child_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "How many seconds will pam_sss wait for p11_child to finish."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pam_app_services (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Which PAM services are permitted to contact domains of type "
"<quote>application</quote>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "SUDO configuration options"
msgstr "SUDO opciones de configuración"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"These options can be used to configure the sudo service. The detailed "
"instructions for configuration of <citerefentry> <refentrytitle>sudo</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to work with "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry> are in the manual page <citerefentry> <refentrytitle>sssd-"
"sudo</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "sudo_timed (bool)"
msgstr "sudo_timed (booleano)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Whether or not to evaluate the sudoNotBefore and sudoNotAfter attributes "
"that implement time-dependent sudoers entries."
"Si se evalúan o no los atributos sudoNotBefore y sudoNotAfter que implementa "
"entradas de sudoers dependientes del tiempo."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#| msgid "ldap_deref_threshold (integer)"
msgid "sudo_threshold (integer)"
msgstr "ldap_deref_threshold (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Maximum number of expired rules that can be refreshed at once. If number of "
"expired rules is below threshold, those rules are refreshed with "
"<quote>rules refresh</quote> mechanism. If the threshold is exceeded a "
"<quote>full refresh</quote> of sudo rules is triggered instead. This "
"threshold number also applies to IPA sudo command and command group searches."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "AUTOFS configuration options"
msgstr "Opciones de configuración AUTOFS"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
msgid "These options can be used to configure the autofs service."
msgstr "Estas opciones pueden ser usadas para configurar el servicio autofs."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "autofs_negative_timeout (integer)"
msgstr "autofs_negative_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Specifies for how many seconds should the autofs responder negative cache "
"hits (that is, queries for invalid map entries, like nonexistent ones) "
"before asking the back end again."
"Especifica cuantos segundos debería el respondedor negativo autofs esconder "
"golpes (esto es, consultas a entradas de mapa no válidad, como las no "
"existentes) antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "SSH configuration options"
msgstr "Opciones de configuración SSH"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
msgid "These options can be used to configure the SSH service."
msgstr "Estas opciones se pueden usar para configurar el servicio SSH."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "ssh_hash_known_hosts (bool)"
msgstr "ssh_hash_known_hosts (booleano)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Whether or not to hash host names and addresses in the managed known_hosts "
"Si se pican o no los nombres y las direcciones de host en fichero gestionado "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "ssh_known_hosts_timeout (integer)"
msgstr "ssh_known_hosts_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"How many seconds to keep a host in the managed known_hosts file after its "
"host keys were requested."
"Cuantos segundos se mantiene un host en el fichero known_hosts gestionados "
"después de que se hayan pedido sus claves de host."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Por defecto: 180"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Path to a storage of trusted CA certificates. The option is used to validate "
"user certificates before deriving public ssh keys from them."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "PAC responder configuration options"
msgstr "Opciones de configuración del respondedor PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"The PAC responder works together with the authorization data plugin for MIT "
"PAC data during a GSSAPI authentication to the PAC responder. The sub-domain "
"provider collects domain SID and ID ranges of the domain the client is "
"joined to and of remote trusted domains from the local domain controller. If "
"the PAC is decoded and evaluated some of the following operations are done:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
"If the remote user does not exist in the cache, it is created. The UID is "
"determined with the help of the SID, trusted domains will have UPGs and the "
"GID will have the same value as the UID. The home directory is set based on "
"the subdomain_homedir parameter. The shell will be empty by default,
i.e. "
"the system defaults are used, but can be overwritten with the default_shell "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><itemizedlist><listitem><para>
"If there are SIDs of groups from domains sssd knows about, the user will be "
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
msgid "These options can be used to configure the PAC responder."
msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "allowed_uids (string)"
msgstr "allowed_uids (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the PAC responder. User names are resolved to UIDs at "
"Especifica la lista separada por comas de los valores UID o nombres de "
"usuario que tiene el acceso permitido al respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: 0 (only the root user is allowed to access the PAC responder)"
"Por defecto: 0 (sólo el usuario root tiene permitido el acceso al "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
"access the PAC responder, which would be the typical case, you have to add 0 "
"to the list of allowed UIDs as well."
"Por favor advierta que aunque la UID 0 se usa por defecto será anulada con "
"esta opción. Si usted deses todavía permitir al usuario root acceder al "
"respondedor PAC, que sería el caso típico, usted tiene que añadir 0 a la "
"lista de UIDs permitidas también."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "pac_lifetime (integer)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Lifetime of the PAC entry in seconds. As long as the PAC is valid the PAC "
"data can be used to determine the group memberships of a user."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#| msgid "PAC responder configuration options"
msgid "Session recording configuration options"
msgstr "Opciones de configuración del respondedor PAC"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#| "This manual page describes the configuration of the AD provider for "
#| "<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</"
#| "manvolnum> </citerefentry>. For a detailed syntax reference, refer to "
#| "the <quote>FILE FORMAT</quote> section of the <citerefentry> "
#| "<refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
#| "citerefentry> manual page."
"Session recording works in conjunction with <citerefentry> "
"<refentrytitle>tlog-rec-session</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry>, a part of tlog package, to log what users see and type when "
"they log in on a text terminal. See also <citerefentry> <refentrytitle>sssd-"
"session-recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
"Esta página de manual describe la configuración del proveedor AD para "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección "
"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
"<refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
#| msgid "These options can be used to configure any service."
msgid "These options can be used to configure session recording."
msgstr "Estas opciones pueden usarse para configurar cualquier servicio."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#| msgid "sudo_provider (string)"
msgstr "sudo_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "No users are recorded."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#| "Append this user to groups specified by the <replaceable>GROUPS</"
#| "replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter "
#| "is a comma separated list of group names."
"
Users/groups specified by <replaceable>users</replaceable> and "
"<replaceable>groups</replaceable> options are recorded."
"Añade este usuario a los grupos especificados por el parámetro "
"<replaceable>GROUPS</replaceable>. El parámetro <replaceable>GROUPS</"
"replaceable> es una lista separada por comas de nombres de grupo."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "All users are recorded."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#| "Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"One of the following strings specifying the scope of session recording: "
"<placeholder type=\"variablelist\" id=\"0\"/>"
"Opciones válidas para dominios proxy. <placeholder type=\"variablelist\" id="
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: \"none\""
msgstr "Predeterminado: none"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#| msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"A comma-separated list of users which should have session recording enabled. "
"Matches user names as returned by NSS.
I.e. after the possible space "
"replacement, case changes, etc."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#| msgid "Default: empty,
i.e. ldap_uri is used."
msgid "Default: Empty. Matches no users."
msgstr "Por defecto: vacio, esto es ldap_uri se está usando."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#| msgid "ldap_group_name (string)"
msgstr "ldap_group_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"A comma-separated list of groups, members of which should have session "
"recording enabled. Matches group names as returned by NSS.
I.e. after the "
"possible space replacement, case changes, etc."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"NOTE: using this option (having it set to anything) has a considerable "
"performance cost, because each uncached request for a user requires "
"retrieving and matching the groups the user is member of."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: Empty. Matches no groups."
#. type: Content of: <reference><refentry><refsect1><title>
msgstr "SECCIONES DE DOMINIO"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "domain_type (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies whether the domain is meant to be used by POSIX-aware clients such "
"as the Name Service Switch or by applications that do not need POSIX data to "
"be present or generated. Only objects from POSIX domains are available to "
"the operating system interfaces and utilities."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Allowed values for this option are <quote>posix</quote> and "
"<quote>application</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"POSIX domains are reachable by all services. Application domains are only "
"reachable from the InfoPipe responder (see <citerefentry> "
"<refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>) and the PAM responder."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: The application domains are currently well tested with "
"<quote>id_provider=ldap</quote> only."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For an easy way to configure a non-POSIX domains, please see the "
"<quote>Application domains</quote> section."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "min_id,max_id (integer)"
msgstr "min_id, max_id (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"UID and GID limits for the domain. If a domain contains an entry that is "
"outside these limits, it is ignored."
"Límites de UID y GID para el dominio. Si un dominio contiene una entrada que "
"está fuera de estos límites, ésta es ignorada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For users, this affects the primary GID limit. The user will not be returned "
"to NSS if either the UID or the primary GID is outside the range. For non-"
"primary group memberships, those that are in range will be reported as "
"Para usuarios, esto afecta al límite primario GID. El usuario no será "
"devuelto a NSS si bien la UID o el GID primario está fuera de rango. Para "
"los miembros de grupos no primarios, aquellos que estén en rango serán "
"reportados como en espera."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"These ID limits affect even saving entries to cache, not only returning them "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 1 for min_id, 0 (no limit) for max_id"
msgstr "Predeterminado: 1 para min_id, 0 (sin límite) para max_id"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Determines if a domain can be enumerated, that is, whether the domain can "
"list all the users and group it contains. Note that it is not required to "
"enable enumeration in order for secondary groups to be displayed. This "
"parameter can have one of the following values:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "TRUE = Users and groups are enumerated"
msgstr "TRUE = Usuarios y grupos son enumerados"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "FALSE = No enumerations for this domain"
msgstr "FALSE = Sin enumeraciones para este dominio"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: FALSE"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Enumerating a domain requires SSSD to download and store ALL user and group "
"entries from the remote server."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "Note: Enabling enumeration has a moderate performance impact on SSSD "
#| "while enumeration is running. It may take up to several minutes after "
#| "SSSD startup to fully complete enumerations. During this time, "
#| "individual requests for information will go directly to LDAP, though it "
#| "may be slow, due to the heavy enumeration processing. Saving a large "
#| "number of entries to cache after the enumeration completes might also be "
#| "CPU intensive as the memberships have to be recomputed."
"Note: Enabling enumeration has a moderate performance impact on SSSD while "
"enumeration is running. It may take up to several minutes after SSSD startup "
"to fully complete enumerations. During this time, individual requests for "
"information will go directly to LDAP, though it may be slow, due to the "
"heavy enumeration processing. Saving a large number of entries to cache "
"after the enumeration completes might also be CPU intensive as the "
"memberships have to be recomputed. This can lead to the <quote>sssd_be</"
"quote> process becoming unresponsive or even restarted by the internal "
"Nota: Habilitar la enumeración tiene un impacto en el rendimiento moderado "
"sobre SSSD mientras la enumeración está corriendo. Puede tomar varios "
"minutos desde que SSSD ha arrancado hasta completar todas las enumeraciones. "
"Durante este tiempo, las peticiones de información individuales irán "
"directamente a LDAP, aunque puede ser lento, debido al pesado proceso de "
"enumeración. Guardar un gran número de entradas en la cache después de "
"completar la enumeración puede también ser intenso para la CPU puesto que "
"las afiliaciones deben ser recalculadas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"While the first enumeration is running, requests for the complete user or "
"group lists may return no results until it completes."
"Mientras está corriendo la primera enumeración, peticiones para el usuario "
"completo o listas de grupo pueden no devolver resultados hasta que se "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Further, enabling enumeration may increase the time necessary to detect "
"network disconnection, as longer timeouts are required to ensure that "
"enumeration lookups are completed successfully. For more information, refer "
"to the man pages for the specific id_provider in use."
"Adicionalmente, la habilitación de la enumeración puede incrementar el "
"tiempo necesario para detectar la desconexión de red, tanto como los tiempos "
"de espera necesarios para asegurar que las búsquedas de enumeración se han "
"completado. Para más información vea las páginas de manual para el "
"específico id_provider en uso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For the reasons cited above, enabling enumeration is not recommended, "
"especially in large environments."
"Por las razones citadas arriba, no se recomienda habilitar la enumeración, "
"especialmente en entornos grandes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "subdomain_enumerate (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "All discovered trusted domains will be enumerated"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "No discovered trusted domains will be enumerated"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Whether any of autodetected trusted domains should be enumerated. The "
"supported values are: <placeholder type=\"variablelist\" id=\"0\"/> "
"Optionally, a list of one or more domain names can enable enumeration just "
"for these trusted domains."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "entry_cache_timeout (integer)"
msgstr "entry_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds should nss_sss consider entries valid before asking the "
"Cuántos segundos debe considerar nss_sss como válidas las entradas antes de "
"volver a consultar al backend"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The cache expiration timestamps are stored as attributes of individual "
"objects in the cache. Therefore, changing the cache timeout only has effect "
"for newly added or expired entries. You should run the <citerefentry> "
"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry> tool in order to force refresh of entries that have already "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 5400"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "entry_cache_user_timeout (integer)"
msgstr "entry_cache_user_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds should nss_sss consider user entries valid before asking "
"Cuantos segundos debería nss_sss considerar las entradas de usuario válidas "
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: entry_cache_timeout"
msgstr "Por defecto: entry_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "entry_cache_group_timeout (integer)"
msgstr "entry_cache_group_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds should nss_sss consider group entries valid before asking "
"Cuantos segundos debería nss_sss considerar las entradas de grupo válidas "
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "entry_cache_netgroup_timeout (integer)"
msgstr "entry_cache_netgroup_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds should nss_sss consider netgroup entries valid before "
"asking the backend again"
"Cuantos segundos debería nss_sss considerar las entradas de grupo de red "
"válidas antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "entry_cache_service_timeout (integer)"
msgstr "entry_cache_service_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds should nss_sss consider service entries valid before asking "
"Cuantos segundos debería nss_sss considerar las entradas de servicio válidas "
"antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "entry_cache_sudo_timeout (integer)"
msgstr "entry_cache_sudo_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds should sudo consider rules valid before asking the backend "
"Cuantos segundos debería considerar las regulas sudo válidas antes de "
"preguntar al backend otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "entry_cache_autofs_timeout (integer)"
msgstr "entry_cache_autofs_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds should the autofs service consider automounter maps valid "
"before asking the backend again"
"Cuantos segundos deberá considerar el servicio autofs los mapas de "
"automontaje válidos antes de preguntar al punto final otra vez."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "entry_cache_ssh_host_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds to keep a host ssh key after refresh. IE how long to cache "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "refresh_expired_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies how many seconds SSSD has to wait before triggering a background "
"refresh task which will refresh all expired or nearly expired records."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The background refresh will process users, groups and netgroups in the cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "You can consider setting this value to 3/4 * entry_cache_timeout."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 0 (disabled)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "cache_credentials (bool)"
msgstr "cache_credentials (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Determines if user credentials are also cached in the local LDB cache"
"Determina si las credenciales del usuario están también escondidas en el "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "User credentials are stored in a SHA512 hash, not in plaintext"
"Las credenciales de usuario son almacenadas en un hash SHA512, no en texto "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "cache_credentials_minimal_first_factor_length (int)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If 2-Factor-Authentication (2FA) is used and credentials should be saved "
"this value determines the minimal length the first authentication factor "
"(long term password) must have to be saved as SHA512 hash into the cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This should avoid that the short PINs of a PIN based 2FA scheme are saved in "
"the cache which would make them easy targets for brute-force attacks."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "account_cache_expiration (integer)"
msgstr "account_cache_expiration (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Number of days entries are left in cache after last successful login before "
"being removed during a cleanup of the cache. 0 means keep forever. The "
"value of this parameter must be greater than or equal to "
"offline_credentials_expiration."
"Entradas de números de días que son dejadas en el cache después del último "
"login con éxito antes de ser borrado durante la limpieza de la cache. 0 "
"significa mantener para siempre. El valor de este parámetro debe ser más "
"grande o igual que offline_credentials_expiration."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 0 (unlimited)"
msgstr "Predeterminado: 0 (ilimitado)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "pwd_expiration_warning (integer)"
msgstr "pwd_expiration_warning (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that the backend server has to provide information about the "
"expiration time of the password. If this information is missing, sssd "
"cannot display a warning. Also an auth provider has to be configured for the "
"Por favor advierta que el servidor de backend tiene que suministrar "
"información sobre la hora expiración de la contraseña. Si esta información "
"está desaparecida, sssd no puede mostrar un aviso. También se tiene que "
"configurar un proveedor de autorización para el backend."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 7 (Kerberos), 0 (LDAP)"
msgstr "Por defecto: 7 (Kerberos), 0 (LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "id_provider (string)"
msgstr "id_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The identification provider used for the domain. Supported ID providers are:"
"El proveedor de identificación usado por el dominio. Los proveedores de ID "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>proxy</quote>: Support a legacy NSS provider"
msgstr "<quote>proxy</quote>: Soporta un proveedor NSS legado"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>local</quote>: SSSD internal provider for local users"
msgstr "<quote>local</quote>: Proveedor interno SSSD para usuarios locales"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ldap</quote>: LDAP provider. See <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more "
"information on configuring LDAP."
"<quote>ldap</quote>: Proveedor LDAP. Vea <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más "
"información sobre la configuración de LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ipa</quote>: FreeIPA and Red Hat Enterprise Identity Management "
"provider. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
"<quote>ipa</quote>: Proveedor FreeIPA y Red Hat Enterprise Identity "
"Management. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la "
"configuración de FreeIPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ad</quote>: Active Directory provider. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring Active Directory."
"<quote>ad</quote>: Proveedor Active Directory. Vea <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> para más información sobre la configuración de Active "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "use_fully_qualified_names (bool)"
msgstr "use_fully_qualified_names (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Use the full name and domain (as formatted by the domain's full_name_format) "
"as the user's login name reported to NSS."
"Utiliza el nombre completo y el dominio (formateado en el formato "
"nombre_completo de dominio) como el nombre de acceso del usuario reportado a "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If set to TRUE, all requests to this domain must use fully qualified names. "
"For example, if used in LOCAL domain that contains a \"test\" user, "
"<command>getent passwd test</command> wouldn't find the user while "
"<command>getent passwd test@LOCAL</command> would."
"Si es TRUE, todas las peticiones a este dominio deben usar nombres "
"totalmente cualificados. Por ejemplo, si se usa en el dominio LOCAL que "
"contiene un usuario “test”, <command>getent passwd test</command> no "
"encontraría al usuario mientras que <command>getent passwd test@LOCAL</"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: This option has no effect on netgroup lookups due to their tendency to "
"include nested netgroups without qualified names. For netgroups, all domains "
"will be searched when an unqualified name is requested."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: FALSE (TRUE if default_domain_suffix is used)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ignore_group_members (bool)"
msgstr "ignore_group_members (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Do not return group members for group lookups."
msgstr "No devuelve miembros de grupo para búsquedas de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If set to TRUE, the group membership attribute is not requested from the "
"ldap server, and group members are not returned when processing group lookup "
"calls, such as <citerefentry> <refentrytitle>getgrnam</refentrytitle> "
"<manvolnum>3</manvolnum> </citerefentry> or <citerefentry> "
"<refentrytitle>getgrgid</refentrytitle> <manvolnum>3</manvolnum> </"
"citerefentry>. As an effect, <quote>getent group $groupname</quote> would "
"return the requested group as if it was empty."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Enabling this option can also make access provider checks for group "
"membership significantly faster, especially for groups containing many "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "auth_provider (string)"
msgstr "auth_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The authentication provider used for the domain. Supported auth providers "
"El proveedor de autenticación usado por el dominio. Los proveedores de "
"autenticación soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ldap</quote> for native LDAP authentication. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring LDAP."
"<quote>ldap</quote> para autenticación nativa LDAP. Vea <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> para más información sobre la configuración LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>krb5</quote> for Kerberos authentication. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring Kerberos."
"<quote>krb5</quote> para autenticación Kerberos. Vea <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> para más información sobre la configuración de Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>proxy</quote> for relaying authentication to some other PAM target."
"<quote>proxy</quote> para la reinstalación de la autenticación a algún otro "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>none</quote> disables authentication explicitly."
msgstr "<quote>none</quote> deshabilita la autenticación explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"authentication requests."
"Por defecto: <quote>id_provider</quote> se usa si se ha fijado y puede "
"manejar las peticiones de autenticación."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "access_provider (string)"
msgstr "access_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The access control provider used for the domain. There are two built-in "
"access providers (in addition to any included in installed backends) "
"Internal special providers are:"
"El proveedor de control de acceso usado por el dominio. Hay dos provedores "
"de acceso integrados (además de cualquiera instalado en los finales). Los "
"proveedores especiales internos son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>permit</quote> always allow access. It's the only permitted access "
"provider for a local domain."
"<quote>permit</quote> siempre permite el acceso. Es el proveedor de acceso "
"sólo permitido para un dominio local."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>deny</quote> always deny access."
msgstr "<quote>deny</quote> siempre niega el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>simple</quote> access control based on access or deny lists. See "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry> for more information on configuring the simple "
"<quote>simple</quote> control de acceso basado en listas de acceso o "
"denegación. Vea <citerefentry> <refentrytitle>sssd-simple</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> para más información sobre la "
"configuración del módulo de acceso sencillo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>krb5</quote>: .k5login based access control. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum></"
"citerefentry> for more information on configuring Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>proxy</quote> for relaying access control to another PAM module."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: <quote>permit</quote>"
msgstr "Predeterminado: <quote>permit</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "chpass_provider (string)"
msgstr "chpass_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The provider which should handle change password operations for the domain. "
"Supported change password providers are:"
"El proveedor que debería manejar las operaciones de cambio de password para "
"el dominio. Los proveedores de cambio de passweord soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ldap</quote> to change a password stored in a LDAP server. See "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>krb5</quote> to change the Kerberos password. See <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring Kerberos."
"<quote>krb5</quote> para cambiar una contraseña Kerberos. Vea <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> para más información sobre configurar Kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>proxy</quote> for relaying password changes to some other PAM target."
"<quote>proxy</quote> para la reinstalación de cambios de password en algunos "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>none</quote> disallows password changes explicitly."
"<quote>none</quote> deniega explícitamente los cambios en la contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: <quote>auth_provider</quote> is used if it is set and can handle "
"change password requests."
"Por defecto: <quote>auth_provider</quote> se utiliza si se ha fijado y se "
"puede manejar las peticiones de cambio de password."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "sudo_provider (string)"
msgstr "sudo_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The SUDO provider used for the domain. Supported SUDO providers are:"
"El proveedor SUDO usado por el dominio. Los proveedores SUDO soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ldap</quote> for rules stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring LDAP."
"<quote>ldap</quote> para reglas almacenadas en LDAP. Vea <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> para más información sobre la configuración LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ipa</quote> the same as <quote>ldap</quote> but with IPA default "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ad</quote> the same as <quote>ldap</quote> but with AD default "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>none</quote> disables SUDO explicitly."
msgstr "<quote>none</quote>deshabilita SUDO explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: The value of <quote>id_provider</quote> is used if it is set."
"Por defecto: el valor de <quote>id_provider</quote> se usa si está fijado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>. There are many configuration "
"options that can be used to adjust the behavior. Please refer to "
"\"ldap_sudo_*\" in <citerefentry> <refentrytitle>sssd-ldap</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>NOTE:</emphasis> Sudo rules are periodically downloaded in the "
"background unless the sudo provider is explicitly disabled. Set "
"<emphasis>sudo_provider = None</emphasis> to disable all sudo-related "
"activity in SSSD if you do not want to use sudo with SSSD at all."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "selinux_provider (string)"
msgstr "selinux_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The provider which should handle loading of selinux settings. Note that this "
"provider will be called right after access provider ends. Supported selinux "
"El proveedor que manejaría la carga de los ajustes selinux. Advierta que "
"este proveedor será llamado justo después de que el proveedor de acceso "
"finalice. Los proveedores selinux soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ipa</quote> to load selinux settings from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring IPA."
"<quote>ipa</quote> para cargar ajustes selinux desde un servidor IPA. Vea "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> para más información sobre la configuración de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>none</quote> disallows fetching selinux settings explicitly."
"<quote>none</quote> deshabilita ir a buscar los ajustes selinux "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: <quote>id_provider</quote> is used if it is set and can handle "
"selinux loading requests."
"Por defecto: <quote>id_provider</quote> se usa si está fijado y puede "
"manejar las peticiones de carga selinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "subdomains_provider (string)"
msgstr "subdomains_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The provider which should handle fetching of subdomains. This value should "
"be always the same as id_provider. Supported subdomain providers are:"
"El proveedor que debería manejar el atractivo de subdominios. Este valor "
"debería ser siempre el mismo que id_provider. Los proveedores de subdominio "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ipa</quote> to load a list of subdomains from an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring IPA."
"<quote>ipa</quote> para cargar una lista de subdominios desde un servidor "
"IPA. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ad</quote> to load a list of subdomains from an Active Directory "
"server. See <citerefentry> <refentrytitle>sssd-ad</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> for more information on configuring "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>none</quote> disallows fetching subdomains explicitly."
"<quote>none</quote> deshabilita el buscador de subdominios explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "selinux_provider (string)"
msgid "session_provider (string)"
msgstr "selinux_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The provider which configures and manages user session related tasks. The "
"only user session task currently provided is the integration with Fleet "
"Commander, which works only with IPA. Supported session providers are:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>ipa</quote> to allow performing user session related tasks."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>none</quote> does not perform any kind of user session related tasks."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "Default: <quote>id_provider</quote> is used if it is set and can handle "
#| "selinux loading requests."
"Default: <quote>id_provider</quote> is used if it is set and can perform "
"Por defecto: <quote>id_provider</quote> se usa si está fijado y puede "
"manejar las peticiones de carga selinux."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>NOTE:</emphasis> In order to have this feature working as expected "
"SSSD must be running as \"root\" and not as the unprivileged user."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "autofs_provider (string)"
msgstr "autofs_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The autofs provider used for the domain. Supported autofs providers are:"
"El proveedor autofs usado por el dominio. Los proveedores autofs soportados "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ldap</quote> to load maps stored in LDAP. See <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring LDAP."
"<quote>ldap</quote> para cargar mapas almacenados en LDAP. Vea "
"<citerefentry> <refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> para más información sobre la configuración de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ipa</quote> to load maps stored in an IPA server. See <citerefentry> "
"<refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring IPA."
"<quote>ipa</quote> para cargar mapas almacenados en un servidor IPA. Vea "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> para más información sobre la configuración de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ad</quote> to load maps stored in an AD server. See <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more information on configuring the AD provider."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>none</quote> disables autofs explicitly."
msgstr "<quote>none</quote> deshabilita autofs explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "hostid_provider (string)"
msgstr "hostid_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The provider used for retrieving host identity information. Supported "
"El proveedor usado para recuperar información de identidad de host. Los "
"proveedores de hostid soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>ipa</quote> to load host identity stored in an IPA server. See "
"<citerefentry> <refentrytitle>sssd-ipa</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> for more information on configuring IPA."
"<quote>ipa</quote> para cargar la identidad del equipo almacenada en un "
"servidor IPA. Vea <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> para más información sobre la "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<quote>none</quote> disables hostid explicitly."
msgstr "<quote>none</quote> deshabilita hostid explícitamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Regular expression for this domain that describes how to parse the string "
"containing user name and domain into these components. The \"domain\" can "
"match either the SSSD configuration domain name, or, in the case of IPA "
"trust subdomains and Active Directory domains, the flat (NetBIOS) name of "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default for the AD and IPA provider: <quote>(((?P<domain>[^\\\\]+)\\"
"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?"
"P<name>[^@\\\\]+)$))</quote> which allows three different styles for "
"Por defecto para el proveedor AD e IPA: <quote>(((?P<domain>[^\\\\]+)\\"
"\\(?P<name>.+$))|((?P<name>[^@]+)@(?P<domain>.+$))|(^(?"
"P<name>[^@\\\\]+)$))</quote> que permite tres estilos diferentes de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgstr "nombre de usuario"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgid "username@domain.name"
msgstr "username@domain.name"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"While the first two correspond to the general default the third one is "
"introduced to allow easy integration of users from Windows domains."
"Mientras los primeros dos corresponden al valor por defecto general el "
"tercero se introduce para permitir una fácil integración de usuarios desde "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</quote> "
"which translates to \"the name is everything up to the <quote>@</quote> "
"sign, the domain everything after that\""
"Predeterminado: <quote>(?P<name>[^@]+)@?(?P<domain>[^@]*$)</"
"quote> que traduce al \"todo lo que hay hasta el signo <quote>@</quote> es "
"el nombre, el dominio es el resto detrás de este signo\""
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"PLEASE NOTE: the support for non-unique named subpatterns is not available "
"on all platforms (
e.g. RHEL5 and SLES10). Only platforms with libpcre "
"version 7 or higher can support non-unique named subpatterns."
"POR FAVOR ADVIERTA: el soporte para subplantillas sin nombre único no está "
"disponible en todas las plataformas (por ejemplo, RHEL5 y SLES10). Sólo las "
"plataformas con la versión de libpcre 7 o superior pueden soportar las "
"subplantillas sin nombre único."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"PLEASE NOTE ALSO: older version of libpcre only support the Python syntax (?"
"P<name>) to label subpatterns."
"POR FAVOR TENGA EN CUENTA ADEMAS: Versiones anteriores de libpcre sólo "
"soportan la sintaxis Python (?P<name>) para identificar subpatrones."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: <quote>%1$s@%2$s</quote>."
msgstr "Predeterminado: <quote>%1$s@%2$s</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "lookup_family_order (string)"
msgstr "lookup_family_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Provides the ability to select preferred address family to use when "
"performing DNS lookups."
"Suministra la capacidad para seleccionar la familia de dirección preferente "
"a usar cuando se lleven a cabo búsquedas DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Supported values:"
msgstr "Valores soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ipv4_first: Try looking up IPv4 address, if that fails, try IPv6"
msgstr "ipv4_first: Intenta buscar dirección IPv4, si falla, intenta IPv6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ipv4_only: Only attempt to resolve hostnames to IPv4 addresses."
msgstr "ipv4_only: Sólo intenta resolver nombres de host a direccones IPv4."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ipv6_first: Try looking up IPv6 address, if that fails, try IPv4"
msgstr "ipv6_first: Intenta buscar dirección IPv6, si falla, intenta IPv4"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ipv6_only: Only attempt to resolve hostnames to IPv6 addresses."
msgstr "ipv6_only: Sólo intenta resolver nombres de host a direccones IPv6."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipv4_first"
msgstr "Predeterminado: ipv4_first"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dns_resolver_timeout (integer)"
msgstr "dns_resolver_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "Defines the amount of time (in seconds) to wait for a reply from the DNS "
#| "resolver before assuming that it is unreachable. If this timeout is "
#| "reached, the domain will continue to operate in offline mode."
"Defines the amount of time (in seconds) to wait for a reply from the "
"internal fail over service before assuming that the service is unreachable. "
"If this timeout is reached, the domain will continue to operate in offline "
"Define la cantidad de tiempo (en segundos) para esperar una respuesta desde "
"el DNS antes de asumir que es inalcanzable. Si se alcanza este tiempo de "
"espera, el dominio continuará operativo en modo fuera de línea."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please see the section <quote>FAILOVER</quote> for more information about "
"the service resolution."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 6"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dns_discovery_domain (string)"
msgstr "dns_discovery_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If service discovery is used in the back end, specifies the domain part of "
"the service discovery DNS query."
"Si el descubridor de servicio se usa en el punto final, especifica la parte "
"de dominio de la pregunta al descubridor de servicio DNS."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: Use the domain part of machine's hostname"
"Predeterminado: Utilizar la parte del dominio del nombre de host del equipo"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "override_gid (integer)"
msgstr "override_gid (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Override the primary GID value with the one specified."
msgstr "Anula el valor primario GID con el especificado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "case_sensitive (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "Case sensitive. This value is invalid for AD provider."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "Case insensitive."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"Same as False (case insensitive), but does not lowercase names in the result "
"of NSS operations. Note that name aliases (and in case of services also "
"protocol names) are still lowercased in the output."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Treat user and group names as case sensitive. At the moment, this option is "
"not supported in the local provider. Possible option values are: "
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: True (False for AD provider)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "subdomain_inherit (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies a list of configuration parameters that should be inherited by a "
"subdomain. Please note that only selected parameters can be inherited. "
"Currently the following options can be inherited:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ignore_group_members"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ldap_purge_cache_timeout"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_use_tokengroups"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ldap_user_principal"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"ldap_krb5_keytab (the value of krb5_keytab will be used if ldap_krb5_keytab "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"subdomain_inherit = ldap_purge_cache_timeout\n"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Example: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Note: This option only works with the IPA and AD provider."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "subdomain_homedir (string)"
msgstr "subdomain_homedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "flat (NetBIOS) name of a subdomain."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Use this homedir as default value for all subdomains within this domain in "
"IPA AD trust. See <emphasis>override_homedir</emphasis> for info about "
"possible values. In addition to those, the expansion below can only be used "
"with <emphasis>subdomain_homedir</emphasis>. <placeholder type="
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The value can be overridden by <emphasis>override_homedir</emphasis> option."
"Este valor puede ser anulado por la opción <emphasis>override_homedir</"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: <filename>/home/%d/%u</filename>"
msgstr "Por defecto: <filename>/home/%d/%u</filename>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "realmd_tags (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Various tags stored by the realmd configuration service for this domain."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "cached_auth_timeout (int)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies time in seconds since last successful online authentication for "
"which user will be authenticated using cached credentials while SSSD is in "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Special value 0 implies that this feature is disabled."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that if <quote>cached_auth_timeout</quote> is longer than "
"<quote>pam_id_timeout</quote> then the back end could be called to handle "
"<quote>initgroups.</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "autofs_provider (string)"
msgid "auto_private_groups (string)"
msgstr "autofs_provider (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If this option is enabled, SSSD will automatically create user private "
"groups based on user's UID number. The GID number is ignored in this case."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For POSIX subdomains, setting the option in the main domain is inherited in "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For ID-mapping subdomains, auto_private_groups is already enabled for the "
"subdomains and setting it to false will not have any effect for the "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: Because the GID number and the user private group are inferred from "
"the UID number, it is not supported to have multiple entries with the same "
"UID or GID number with this option. In other words, enabling this option "
"enforces uniqueness across the ID space."
#. type: Content of: <reference><refentry><refsect1><para>
"These configuration options can be present in a domain configuration "
"section, that is, in a section called <quote>[domain/<replaceable>NAME</"
"replaceable>]</quote> <placeholder type=\"variablelist\" id=\"0\"/>"
"Estas opciones de configuración pueden estar presentes en la sección "
"configuración de dominio, esto es, en una sección llamada <quote>[domain/"
"<replaceable>NAME</replaceable>]</quote> <placeholder type=\"variablelist\" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "proxy_pam_target (string)"
msgstr "proxy_pam_target (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The proxy target PAM proxies to."
msgstr "El proxy de destino PAM próximo a."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: not set by default, you have to take an existing pam configuration "
"or create a new one and add the service name here."
"Por defecto: no se fija por defecto, usted tiene que coger una configuración "
"pam existente o crear una nueva y añadir el nombre de servicio aquí."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "proxy_lib_name (string)"
msgstr "proxy_lib_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The name of the NSS library to use in proxy domains. The NSS functions "
"searched for in the library are in the form of _nss_$(libName)_$(function), "
"for example _nss_files_getpwent."
"El nombre de la librería NSS para usar en los dominios proxy. Las funciones "
"NSS buscadas dentro de la librería están el formato de _nss_$(libName)_"
"$(function), por ejemplo _nss_files_getpwent."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "proxy_fast_alias (boolean)"
msgstr "proxy_fast_alias (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When a user or group is looked up by name in the proxy provider, a second "
"lookup by ID is performed to \"canonicalize\" the name in case the requested "
"name was an alias. Setting this option to true would cause the SSSD to "
"perform the ID lookup from cache for performance reasons."
"Cuando un usuario o grupo es buscado por nombre en el proveedor proxy, una "
"segunda búsqueda por ID es llevada a cabo para “estandarizar” el nombre en "
"el caso de que el nombre pedido fuera un alias. Fijando esta opción a true "
"se causaría que SSSD lleve a cabo una búsqueda de ID desde el escondrijo por "
"razones de rendimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "proxy_max_children (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option specifies the number of pre-forked proxy children. It is useful "
"for high-load SSSD environments where sssd may run out of available child "
"slots, which would cause some issues due to the requests being queued."
#. type: Content of: <reference><refentry><refsect1><para>
"Options valid for proxy domains. <placeholder type=\"variablelist\" id="
"Opciones válidas para dominios proxy. <placeholder type=\"variablelist\" id="
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "Application domains"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"SSSD, with its D-Bus interface (see <citerefentry> <refentrytitle>sssd-ifp</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>) is appealing to "
"applications as a gateway to an LDAP directory where users and groups are "
"stored. However, contrary to the traditional SSSD deployment where all users "
"and groups either have POSIX attributes or those attributes can be inferred "
"from the Windows SIDs, in many cases the users and groups in the application "
"support scenario have no POSIX attributes. Instead of setting a "
"<quote>[domain/<replaceable>NAME</replaceable>]</quote> section, the "
"administrator can set up an <quote>[application/<replaceable>NAME</"
"replaceable>]</quote> section that internally represents a domain with type "
"<quote>application</quote> optionally inherits settings from a tradition "
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"Please note that the application domain must still be explicitly enabled in "
"the <quote>domains</quote> parameter so that the lookup order between the "
"application domain and its POSIX sibling domain is set correctly."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
msgid "Application domain parameters"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "inherit_from (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The SSSD POSIX-type domain the application domain inherits all settings "
"from. The application domain can moreover add its own settings to the "
"application settings that augment or override the <quote>sibling</quote> "
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"The following example illustrates the use of an application domain. In this "
"setup, the POSIX domain is connected to an LDAP server and is used by the OS "
"through the NSS responder. In addition, the application domain also requests "
"the telephoneNumber attribute, stores it as the phone attribute in the cache "
"and makes the phone attribute reachable through the D-Bus interface."
#. type: Content of: <reference><refentry><refsect1><refsect2><programlisting>
"domains = appdom, posixdom\n"
"user_attributes = +phone\n"
"ldap_search_base = dc=example,dc=com\n"
"inherit_from = posixdom\n"
"ldap_user_extra_attrs = phone:telephoneNumber\n"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "The local domain section"
msgstr "La sección de dominio local"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"This section contains settings for domain that stores users and groups in "
"SSSD native database, that is, a domain that uses "
"<replaceable>id_provider=local</replaceable>."
"Esta sección contiene la configuración para dominio que almacena los "
"usuarios y grupos en la base de datos SSSD nativa, es decir, un dominio que "
"utiliza <replaceable>id_provider=local</replaceable>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "default_shell (string)"
msgstr "default_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "The default shell for users created with SSSD userspace tools."
"El shell predeterminado para los usuarios creados con herramientas de "
"espacio de usuario SSSD."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: <filename>
/bin/bash</filename>"
msgstr "Predeterminado: <filename>
/bin/bash</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "base_directory (string)"
msgstr "base_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The tools append the login name to <replaceable>base_directory</replaceable> "
"and use that as the home directory."
"Las herramientas anexan el nombre de inicio de sesión para "
"<replaceable>base_directory</replaceable> y utilizan éste como el directorio "
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: <filename>/home</filename>"
msgstr "Predeterminado: <filename>/home</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "create_homedir (bool)"
msgstr "create_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Indicate if a home directory should be created by default for new users. "
"Can be overridden on command line."
"Indica si se creará un directorio home por defecto para los nuevos usuarios. "
"Puede ser anulado desde la línea de comando."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: TRUE"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "remove_homedir (bool)"
msgstr "remove_homedir (bool)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Indicate if a home directory should be removed by default for deleted "
"users. Can be overridden on command line."
"Indica si el directorio home será borrado por defecto para los usuarios "
"borrados. Puede ser anulado desde la línea de comando."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "homedir_umask (integer)"
msgstr "homedir_umask (entero)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> to specify the default permissions "
"on a newly created home directory."
"Utilizado por <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum></citerefentry> para especificar los permisos "
"predeterminados en un directorio de inicio recién creado."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 077"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "skel_dir (string)"
msgstr "skel_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
"<citerefentry> <refentrytitle>sss_useradd</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>"
"El directorio esqueleto, el cual contiene archivos y directorios a copiarse "
"en el directorio principal del usuario, cuando se crea el directorio "
"principal de <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum></citerefentry>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: <filename>
/etc/skel</filename>"
msgstr "Predeterminado: <filename>
/etc/skel</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "mail_dir (string)"
msgstr "mail_dir (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The mail spool directory. This is needed to manipulate the mailbox when its "
"corresponding user account is modified or deleted. If not specified, a "
"El directorio carreta de correo. Es necesario para manipular el buzón de "
"correo cuando la cuenta de usuario correspondiente es modificada o borrada. "
"Si no se especifica, se utiliza un valor por defecto."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: <filename>
/var/mail</filename>"
msgstr "Predeterminado: <filename>
/var/mail</filename>"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "userdel_cmd (string)"
msgstr "userdel_cmd (cadena)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
"The command that is run after a user is removed. The command us passed the "
"username of the user being removed as the first and only parameter. The "
"return code of the command is not taken into account."
"El comando que está corriendo después de que un usuario es borrado. El "
"comando us para el nombre de usuario que está siendo borrado como primer y "
"único parámetro. El código de retorno del comando no es tenido en cuenta."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Default: None, no command is run"
msgstr "Predeterminado: None, no se ejecuta comando"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "TRUSTED DOMAIN SECTION"
#. type: Content of: <reference><refentry><refsect1><para>
"Some options used in the domain section can also be used in the trusted "
"domain section, that is, in a section called <quote>[domain/"
"<replaceable>DOMAIN_NAME</replaceable>/<replaceable>TRUSTED_DOMAIN_NAME</"
"replaceable>]</quote>. Where DOMAIN_NAME is the actual joined-to base "
"domain. Please refer to examples below for explanation. Currently supported "
"options in the trusted domain section are:"
#. type: Content of: <reference><refentry><refsect1><para>
msgid "ldap_search_base,"
#. type: Content of: <reference><refentry><refsect1><para>
msgid "ldap_user_search_base,"
#. type: Content of: <reference><refentry><refsect1><para>
msgid "ldap_group_search_base,"
#. type: Content of: <reference><refentry><refsect1><para>
msgid "ldap_netgroup_search_base,"
#. type: Content of: <reference><refentry><refsect1><para>
msgid "ldap_service_search_base,"
#. type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
msgid "ad_backup_server,"
#. type: Content of: <reference><refentry><refsect1><para>
#. type: Content of: <reference><refentry><refsect1><para>
msgid "use_fully_qualified_names"
#. type: Content of: <reference><refentry><refsect1><para>
"For more details about these options see their individual description in the "
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"config_file_version = 2\n"
"ldap_search_base = dc=example,dc=com\n"
"cache_credentials = true\n"
"config_file_version = 2\n"
"ldap_search_base = dc=example,dc=com\n"
"cache_credentials = true\n"
#. type: Content of: <reference><refentry><refsect1><para>
#| "The following example shows a typical SSSD config. It does not describe "
#| "configuration of the domains themselves - refer to documentation on "
#| "configuring domains for more details. <placeholder type=\"programlisting"
"1. The following example shows a typical SSSD config. It does not describe "
"configuration of the domains themselves - refer to documentation on "
"configuring domains for more details. <placeholder type=\"programlisting\" "
"El siguiente ejemplo muestra una configuración SSSD típica. No describe la "
"configuración de los dominios en si mismos – vea la documentación sobre la "
"configuración de dominios para más detalles. <placeholder type="
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"use_fully_qualified_names = false\n"
#. type: Content of: <reference><refentry><refsect1><para>
"2. The following example shows configuration of IPA AD trust where the AD "
"forest consists of two domains in a parent-child structure. Suppose IPA "
"(
child.ad.com). To enable shortnames in the child domain the following "
"configuration should be used. <placeholder type=\"programlisting\" id=\"0\"/"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD LDAP provider"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the configuration of LDAP domains for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. Refer to the <quote>FILE FORMAT</quote> section of the "
"<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for detailed syntax information."
"Esta página de manual describe la configuración de dominios LDAP para "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. Vea la sección <quote>FILE FORMAT</quote> de la página de "
"manual <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> para información detallada de la sintáxis."
#. type: Content of: <reference><refentry><refsect1><para>
msgid "You can configure SSSD to use more than one LDAP domain."
msgstr "Puede configurar SSSD para usar más de un dominio LDAP."
#. type: Content of: <reference><refentry><refsect1><para>
"LDAP back end supports id, auth, access and chpass providers. If you want to "
"authenticate against an LDAP server either
TLS/SSL or LDAPS is required. "
"<command>sssd</command> <emphasis>does not</emphasis> support authentication "
"over an unencrypted channel. If the LDAP server is used only as an identity "
"provider, an encrypted channel is not needed. Please refer to "
"<quote>ldap_access_filter</quote> config option for more information about "
"using LDAP as an access provider."
"El punto final de LDAP soporta proveedores de id, auth, acceso y chpass. Si "
"usted desea autenticarse contra un servidor LDAP se requiere bien
TLS/SSL o "
"LDAPS. <command>sssd</command> <emphasis>no</emphasis> soporta autenticación "
"sobre un canal no esncriptado. Si el servidor LDAP se usa sólo como un "
"proveedor de identidad, no se necesita un canal encriptado. Por favor vea la "
"opción de configuración <quote>ldap_access_filter</quote> para más "
"información sobre la utilización de LDAP como proveedor de acceso."
#. type: Content of: <reference><refentry><refsect1><title>
msgid "CONFIGURATION OPTIONS"
msgstr "OPCIONES DE CONFIGURACIÓN"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_uri, ldap_backup_uri (string)"
msgstr "ldap_uri, ldap_backup_uri (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
"should connect in the order of preference. Refer to the <quote>FAILOVER</"
"quote> section for more information on failover and server redundancy. If "
"neither option is specified, service discovery is enabled. For more "
"information, refer to the <quote>SERVICE DISCOVERY</quote> section."
"Especifica una lista separada por comas de URIs del servidor LDAP al que "
"SSSD se conectaría en orden de preferencia. Vea la sección "
"<quote>CONMUTACIÓN EN ERROR</quote> para más información sobre la "
"conmutación en error y la redundancia de servidor. Si no hay opción "
"especificada, se habilita el descubridor de servicio. Para más información, "
"vea la sección <quote>DESCUBRIDOR DE SERVICIOS</quote>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "The format of the URI must match the format defined in RFC 2732:"
"El formato de la URI debe coincidir con el formato definido en RFC 2732:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ldap[s]://<host>[:port]"
msgstr "ldap[s]://<host>[:port]"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For explicit IPv6 addresses, <host> must be enclosed in brackets []"
"Para direcciones IPv6 explícitas, <host> debe estar entre corchetes []"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "example: ldap://[fc00::126:25]:389"
msgstr "ejemplo: ldap://[fc00::126:25]:389"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_chpass_uri, ldap_chpass_backup_uri (string)"
msgstr "ldap_chpass_uri, ldap_chpass_backup_uri (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the comma-separated list of URIs of the LDAP servers to which SSSD "
"should connect in the order of preference to change the password of a user. "
"Refer to the <quote>FAILOVER</quote> section for more information on "
"failover and server redundancy."
"Especifica la lista separada por comas de URIs de los servidores LDAP a los "
"que SSSD se conectaría con el objetivo preferente de cambiar la contraseña "
"de un usuario. Vea la sección <quote>FAILOVER</quote> para más información "
"sobre failover y redundancia de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "To enable service discovery ldap_chpass_dns_service_name must be set."
"Para habilitar el servicio descubrimiento ldap_chpass_dns_service_name debe "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: empty,
i.e. ldap_uri is used."
msgstr "Por defecto: vacio, esto es ldap_uri se está usando."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_search_base (string)"
msgstr "ldap_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The default base DN to use for performing LDAP user operations."
"El DN base por defecto que se usará para realizar operaciones LDAP de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Starting with SSSD 1.7.0, SSSD supports multiple search bases using the "
"Desde SSSD 1.7.0, SSSD soporta múltiples bases de búsqueda usando la "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
msgstr "search_base[?scope?[filter][?search_base?scope?[filter]]*]"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The scope can be one of \"base\", \"onelevel\" or \"subtree\"."
msgstr "El alcance puede ser uno de “base”, “onlevel” o “subtree”."
#. type: Content of: <listitem><para>
"The filter must be a valid LDAP search filter as specified by
http://www."
"El filtro debe ser un filtro de búsqueda LDAP válido como se especifica en "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"ldap_search_base = dc=example,dc=com (which is equivalent to) "
"ldap_search_base = dc=example,dc=com?subtree?"
"ldap_search_base = dc=example,dc=com (que es equivalente a) ldap_search_base "
"= dc=example,dc=com?subtree?"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
"ldap_search_base = cn=host_specific,dc=example,dc=com?subtree?"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: It is unsupported to have multiple search bases which reference "
"identically-named objects (for example, groups with the same name in two "
"different search bases). This will lead to unpredictable behavior on client "
"Nota: No está soportado tener múltiples bases de búsqueda que se referencien "
"a objetos nombrados idénticamente (por ejemplo, grupos con el mismo nombre "
"en dos bases de búsqueda diferentes). Esto llevara a comportamientos "
"impredecibles sobre máquinas cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: If not set, the value of the defaultNamingContext or namingContexts "
"attribute from the RootDSE of the LDAP server is used. If "
"defaultNamingContext does not exist or has an empty value namingContexts is "
"used. The namingContexts attribute must have a single value with the DN of "
"the search base of the LDAP server to make this work. Multiple values are "
"Por defecto: no se fija, se usa el valor de los atributos "
"defaultNamingContext o namingContexts de RootDSE del servidor LDAP usado. "
"Si defaultNamingContext no existe o tiene un valor vacío se usa "
"namingContexts. El atributo namingContexts debe tener un único valor con el "
"DN de la base de búsqueda del servidor LDAP para hacer este trabajo. No se "
"soportan múltiples valores."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_schema (string)"
msgstr "ldap_schema (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the Schema Type in use on the target LDAP server. Depending on "
"the selected schema, the default attribute names retrieved from the servers "
"may vary. The way that some attributes are handled may also differ."
"Especifica el Tipo de Esquema en uso en el servidor LDAP objetivo. "
"Dependiendo del esquema seleccionado, los nombres de atributos por defecto "
"que se recuperan de los servidores pueden variar. La manera en que algunos "
"atributos son manejados puede también diferir."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Four schema types are currently supported:"
msgstr "Cuatro tipos de esquema son actualmente soportados:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The main difference between these schema types is how group memberships are "
"recorded in the server. With rfc2307, group members are listed by name in "
"the <emphasis>memberUid</emphasis> attribute. With rfc2307bis and IPA, "
"group members are listed by DN and stored in the <emphasis>member</emphasis> "
"attribute. The AD schema type sets the attributes to correspond with Active "
"Directory 2008r2 values."
"La principal diferencia entre estos tipos de esquemas es como las "
"afiliaciones de grupo son grabadas en el servidor. Con rfc2307, los miembros "
"de grupos son listados por nombre en el atributo <emphasis>memberUid</"
"emphasis>. Con rfc2307bis e IPA, los miembros de grupo son listados por DN y "
"almacenados en el atributo <emphasis>member</emphasis>. El tipo de esquema "
"AD fija los atributos para corresponderse con los valores Active Directory "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: rfc2307"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_default_bind_dn (string)"
msgstr "ldap_default_bind_dn (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The default bind DN to use for performing LDAP operations."
"El enlazador DN por defecto a usar para llevar a cabo operaciones LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_default_authtok_type (string)"
msgstr "ldap_default_authtok_type (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The type of the authentication token of the default bind DN."
msgstr "El tipo de ficha de autenticación del enlazador DN por defecto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The two mechanisms currently supported are:"
msgstr "Los dos mecanismos actualmente soportados son:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "obfuscated_password"
msgstr "obfuscated_password"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: password"
msgstr "Por defecto: contraseña"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_default_authtok (string)"
msgstr "ldap_default_authtok (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The authentication token of the default bind DN. Only clear text passwords "
"are currently supported."
"La ficha de autenticación del enlazador DN por defecto. Sólo se soportan "
"actualmente password de texto claro."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_object_class (string)"
msgstr "ldap_user_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The object class of a user entry in LDAP."
msgstr "La clase de objeto de una entrada de usuario en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: posixAccount"
msgstr "Predeterminado: posixAccount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_name (string)"
msgstr "ldap_user_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the user's login name."
"El atributo LDAP que corresponde al nombre de inicio de sesión del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: uid (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_uid_number (string)"
msgstr "ldap_user_uid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the user's id."
msgstr "El atributo LDAP que corresponde al id de usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: uidNumber"
msgstr "Predeterminado: uidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_gid_number (string)"
msgstr "ldap_user_gid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the user's primary group id."
msgstr "El atributo LDAP que corresponde al id del grupo primario del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: gidNumber"
msgstr "Predeterminado: gidNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_primary_group (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Active Directory primary group attribute for ID-mapping. Note that this "
"attribute should only be set manually if you are running the <quote>ldap</"
"quote> provider with ID mapping."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: unset (LDAP), primaryGroupID (AD)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_gecos (string)"
msgstr "ldap_user_gecos (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the user's gecos field."
msgstr "El atributo LDAP que corresponde al campo de gecos del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: gecos"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_home_directory (string)"
msgstr "ldap_user_home_directory (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that contains the name of the user's home directory."
"El atributo LDAP que contiene el nombre del directorio principal del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: homeDirectory"
msgstr "Predeterminado: homeDirectory"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_shell (string)"
msgstr "ldap_user_shell (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that contains the path to the user's default shell."
"El atributo LDAP que contiene la ruta de acceso a la shell predeterminada "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: loginShell"
msgstr "Predeterminado: loginShell"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that contains the
UUID/GUID of an LDAP user object."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: not set in the general case, objectGUID for AD and ipaUniqueID for "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_objectsid (string)"
msgstr "ldap_user_objectsid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that contains the objectSID of an LDAP user object. This "
"is usually only necessary for ActiveDirectory servers."
"El atributo LDAP que contiene el objectSID de un objeto usuario LDAP. Esto "
"es normalmente sólo necesario para servidores ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: objectSid for ActiveDirectory, not set for other servers."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_modify_timestamp (string)"
msgstr "ldap_user_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that contains timestamp of the last modification of the "
"El atributo LDAP que contiene la fecha y hora de la última modificación del "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: modifyTimestamp"
msgstr "Predeterminado: modifyTimestamp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_shadow_last_change (string)"
msgstr "ldap_user_shadow_last_change (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (date of "
"the last password change)."
"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre "
"de un atributo LDAP correspondiente a su <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> homologo (fecha del último cambio de password)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: shadowLastChange"
msgstr "Predeterminado: shadowLastChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_shadow_min (string)"
msgstr "ldap_user_shadow_min (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (minimum "
"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre "
"de un atributo LDAP correspondiente a su <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> homologo (edad mínima del password)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: shadowMin"
msgstr "Predeterminado: shadowMin"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_shadow_max (string)"
msgstr "ldap_user_shadow_max (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart (maximum "
"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre "
"de un atributo LDAP correspondiente a su <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> homologo (edad máxima del password)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: shadowMax"
msgstr "Predeterminado: shadowMax"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_shadow_warning (string)"
msgstr "ldap_user_shadow_warning (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
"(password warning period)."
"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre "
"de un atributo LDAP correspondiente a su <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> homologo (período de aviso de password)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: shadowWarning"
msgstr "Predeterminado: shadowWarning"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_shadow_inactive (string)"
msgstr "ldap_user_shadow_inactive (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_pwd_policy=shadow, this parameter contains the name of an "
"LDAP attribute corresponding to its <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> counterpart "
"(password inactivity period)."
"Cuando se utiliza ldap_pwd_policy=shadow, este parámetro contiene el nombre "
"de un atributo LDAP correspondiente a su <citerefentry> "
"<refentrytitle>shadow</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> homologo (período de inactividad de password)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: shadowInactive"
msgstr "Predeterminado: shadowInactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_shadow_expire (string)"
msgstr "ldap_user_shadow_expire (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_pwd_policy=shadow or ldap_account_expire_policy=shadow, this "
"parameter contains the name of an LDAP attribute corresponding to its "
"<citerefentry> <refentrytitle>shadow</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> counterpart (account expiration date)."
"Cuando se utiliza ldap_pwd_policy=shadow o "
"ldap_account_expire_policy=shadow, este parámetro contiene el nombre de un "
"atributo correspondiente con su <citerefentry> <refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> homólogo (fecha de "
"expiración de la cuenta)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: shadowExpire"
msgstr "Predeterminado: shadowExpire"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_krb_last_pwd_change (string)"
msgstr "ldap_user_krb_last_pwd_change (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time of last password change in "
"Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el "
"nombre de un atributo LDAP que almacena la fecha y la hora del último cambio "
"de password en kerberos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: krbLastPwdChange"
msgstr "Predeterminado: krbLastPwdChange"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_krb_password_expiration (string)"
msgstr "ldap_user_krb_password_expiration (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_pwd_policy=mit_kerberos, this parameter contains the name of "
"an LDAP attribute storing the date and time when current password expires."
"Cuando se utiliza ldap_pwd_policy=mit_kerberos, este parámetro contiene el "
"nombre de un atributo LDAP que almacena la fecha y la hora en la que expira "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: krbPasswordExpiration"
msgstr "Predeterminado: krbPasswordExpiration"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_ad_account_expires (string)"
msgstr "ldap_user_ad_account_expires (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the expiration time of the account."
"Cuando se utiliza ldap_account_expire_policy=ad, este parámetro contiene el "
"nombre de un atributo LDAP que almacena el tiempo de expiración de la cuenta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: accountExpires"
msgstr "Predeterminado: accountExpires"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_ad_user_account_control (string)"
msgstr "ldap_user_ad_user_account_control (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_account_expire_policy=ad, this parameter contains the name "
"of an LDAP attribute storing the user account control bit field."
"Cuando se usa ldap_account_expire_policy=ad, este parámetro contiene el "
"nombre de un atributo LDAP que almacena el campo bit de control de la cuenta "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: userAccountControl"
msgstr "Predeterminado: userAccountControl"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_ns_account_lock (string)"
msgstr "ldap_ns_account_lock (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_account_expire_policy=rhds or equivalent, this parameter "
"determines if access is allowed or not."
"Cuando se usa ldap_account_expire_policy=rhds o esquivalente, este parámetro "
"determina si el acceso está permitido o no."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: nsAccountLock"
msgstr "Predeterminado: nsAccountLock"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_nds_login_disabled (string)"
msgstr "ldap_user_nds_login_disabled (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_account_expire_policy=nds, this attribute determines if "
"access is allowed or not."
"Cuando se usa ldap_account_expire_policy=nds, este atributo determina si el "
"acceso está permitido o no."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: loginDisabled"
msgstr "Predeterminado: loginDisabled"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_nds_login_expiration_time (string)"
msgstr "ldap_user_nds_login_expiration_time (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_account_expire_policy=nds, this attribute determines until "
"which date access is granted."
"Cuando se usa ldap_account_expire_policy=nds, este atributo determina hasta "
"que fecha se concede el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_nds_login_allowed_time_map (string)"
msgstr "ldap_user_nds_login_allowed_time_map (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using ldap_account_expire_policy=nds, this attribute determines the "
"hours of a day in a week when access is granted."
"Cuando se utiliza ldap_account_expire_policy=nds, este atributo determina la "
"hora de un día en la semana cuando se concede el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: loginAllowedTimeMap"
msgstr "Predeterminado: loginAllowedTimeMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_principal (string)"
msgstr "ldap_user_principal (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that contains the user's Kerberos User Principal Name "
"El atributo LDAP que contiene le Nombre Principal de Usuario Kerberos (UPN) "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: krbPrincipalName"
msgstr "Predeterminado: krbPrincipalName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_extra_attrs (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Comma-separated list of LDAP attributes that SSSD would fetch along with the "
"usual set of user attributes."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The list can either contain LDAP attribute names only, or colon-separated "
"tuples of SSSD cache attribute name and LDAP attribute name. In case only "
"LDAP attribute name is specified, the attribute is saved to the cache "
"verbatim. Using a custom SSSD attribute name might be required by "
"environments that configure several SSSD domains with different LDAP schemas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that several attribute names are reserved by SSSD, notably the "
"<quote>name</quote> attribute. SSSD would report an error if any of the "
"reserved attribute names is used as an extra attribute name."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ldap_user_extra_attrs = telephoneNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Save the <quote>telephoneNumber</quote> attribute from LDAP as "
"<quote>telephoneNumber</quote> to the cache."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "ldap_user_extra_attrs = phone:telephoneNumber"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Save the <quote>telephoneNumber</quote> attribute from LDAP as <quote>phone</"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that contains the user's SSH public keys."
msgstr "El atributo LDAP que contiene las claves públicas SSH del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sshPublicKey"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_force_upper_case_realm (boolean)"
msgstr "ldap_force_upper_case_realm (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Some directory servers, for example Active Directory, might deliver the "
"realm part of the UPN in lower case, which might cause the authentication to "
"fail. Set this option to a non-zero value if you want to use an upper-case "
"Algunos servidores de directorio, por ejemplo Active Directory, pueden "
"entregar la parte real del UPN en minúsculas, lo que puede causar fallos de "
"autenticación. Fije esta opción en un valor distinto de cero si usted desea "
"usar mayúsculas reales."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_enumeration_refresh_timeout (integer)"
msgstr "ldap_enumeration_refresh_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies how many seconds SSSD has to wait before refreshing its cache of "
"Especifica cuantos segundos SSSD tiene que esperar antes de refrescar su "
"escondrijo de los registros enumerados."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_purge_cache_timeout (integer)"
msgstr "ldap_purge_cache_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Determine how often to check the cache for inactive entries (such as groups "
"with no members and users who have never logged in) and remove them to save "
"Determina la frecuencia de comprobación del cache para entradas inactivas "
"(como grupos sin miembros y usuarios que nunca han accedido) y borrarlos "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Setting this option to zero will disable the cache cleanup operation. Please "
"note that if enumeration is enabled, the cleanup task is required in order "
"to detect entries removed from the server and can't be disabled. By default, "
"the cleanup task will run every 3 hours with enumeration enabled."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_fullname (string)"
msgstr "ldap_user_fullname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the user's full name."
msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_member_of (string)"
msgstr "ldap_user_member_of (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that lists the user's group memberships."
msgstr "El atributo LDAP que lista los afiliación a grupo de usario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: memberOf"
msgstr "Predeterminado: memberOf"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_authorized_service (string)"
msgstr "ldap_user_authorized_service (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If access_provider=ldap and ldap_access_order=authorized_service, SSSD will "
"use the presence of the authorizedService attribute in the user's LDAP entry "
"to determine access privilege."
"Si access_provider=ldap y ldap_access_order=authorized_service, SSSD "
"utilizará la presencia del atributo authorizedService en la entrada LDAP del "
"usuario para determinar el privilegio de acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"An explicit deny (!svc) is resolved first. Second, SSSD searches for "
"explicit allow (svc) and finally for allow_all (*)."
"Una denegación explícita (¡svc) se resuelve primero. Segundo, SSSD busca "
"permiso explícito (svc) y finalmente permitir todo (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>authorized_service</quote> in order for the "
"ldap_user_authorized_service option to work."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: authorizedService"
msgstr "Predeterminado: iluminada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_authorized_host (string)"
msgstr "ldap_user_authorized_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If access_provider=ldap and ldap_access_order=host, SSSD will use the "
"presence of the host attribute in the user's LDAP entry to determine access "
"Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la "
"presencia del atributo host en la entrada LDAP del usuario para determinar "
"el privilegio de acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"An explicit deny (!host) is resolved first. Second, SSSD searches for "
"explicit allow (host) and finally for allow_all (*)."
"Una denegación explícita (¡host) se resuelve primero. Segundo, la búsqueda "
"SSSD para permiso explícito (host) y finalmente permitir todo (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>host</quote> in order for the "
"ldap_user_authorized_host option to work."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ldap_user_authorized_host (string)"
msgid "ldap_user_authorized_rhost (string)"
msgstr "ldap_user_authorized_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "If access_provider=ldap and ldap_access_order=host, SSSD will use the "
#| "presence of the host attribute in the user's LDAP entry to determine "
"If access_provider=ldap and ldap_access_order=rhost, SSSD will use the "
"presence of the rhost attribute in the user's LDAP entry to determine access "
"privilege. Similarly to host verification process."
"Si access_provider=ldap y ldap_access_order=host, SSSD utilizará la "
"presencia del atributo host en la entrada LDAP del usuario para determinar "
"el privilegio de acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "An explicit deny (!host) is resolved first. Second, SSSD searches for "
#| "explicit allow (host) and finally for allow_all (*)."
"An explicit deny (!rhost) is resolved first. Second, SSSD searches for "
"explicit allow (rhost) and finally for allow_all (*)."
"Una denegación explícita (¡host) se resuelve primero. Segundo, la búsqueda "
"SSSD para permiso explícito (host) y finalmente permitir todo (*)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>rhost</quote> in order for the "
"ldap_user_authorized_rhost option to work."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_certificate (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Name of the LDAP attribute containing the X509 certificate of the user."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "Default: filter"
msgid "Default: userCertificate;binary"
msgstr "Predeterminado: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_email (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Name of the LDAP attribute containing the email address of the user."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: If an email address of a user conflicts with an email address or fully "
"qualified name of another user, then SSSD will not be able to serve those "
"users properly. If for some reason several users need to share the same "
"email address then set this option to a nonexistent attribute name in order "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_object_class (string)"
msgstr "ldap_group_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The object class of a group entry in LDAP."
msgstr "La clase de objeto de una entrada de grupo LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: posixGroup"
msgstr "Por defecto: posixGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_name (string)"
msgstr "ldap_group_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the group name."
msgstr "El atributo LDAP que corresponde al nombre de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: cn (rfc2307, rfc2307bis and IPA), sAMAccountName (AD)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_gid_number (string)"
msgstr "ldap_group_gid_number (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the group's id."
msgstr "El atributo LDAP que corresponde al id del grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_member (string)"
msgstr "ldap_group_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that contains the names of the group's members."
msgstr "El atributo LDAP que contiene los nombres de los miembros del grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: memberuid (rfc2307) / member (rfc2307bis)"
msgstr "Valor predeterminado: memberuid (rfc2307) / member (rfc2307bis)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that contains the
UUID/GUID of an LDAP group object."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_objectsid (string)"
msgstr "ldap_group_objectsid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that contains the objectSID of an LDAP group object. This "
"is usually only necessary for ActiveDirectory servers."
"El atributo LDAP que contiene el objectSID de un objeto grupo LDAP. Esto es "
"normalmente sólo necesario para servidores ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_modify_timestamp (string)"
msgstr "ldap_group_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_type (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that contains an integer value indicating the type of the "
"group and maybe other flags."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This attribute is currently only used by the AD provider to determine if a "
"group is a domain local groups and has to be filtered out for trusted "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: groupType in the AD provider, otherwise not set"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_external_member (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that references group members that are defined in an "
"external domain. At the moment, only IPA's external members are supported."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipaExternalMember in the IPA provider, otherwise unset."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_nesting_level (integer)"
msgstr "ldap_group_nesting_level (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If ldap_schema is set to a schema format that supports nested groups (
e.g. "
"RFC2307bis), then this option controls how many levels of nesting SSSD will "
"follow. This option has no effect on the RFC2307 schema."
"Si ldap_schema está fijado en un formato de esquema que soporte los grupos "
"anidados (por ejemplo, RFC2307bis), entonces esta opción controla cuantos "
"niveles de anidamiento seguirá SSSD. Este opción no tiene efecto en el "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: This option specifies the guaranteed level of nested groups to be "
"processed for any lookup. However, nested groups beyond this limit "
"<emphasis>may be</emphasis> returned if previous lookups already resolved "
"the deeper nesting levels. Also, subsequent lookups for other groups may "
"enlarge the result set for original lookup if re-queried."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If ldap_group_nesting_level is set to 0 then no nested groups are processed "
"at all. However, when connected to Active-Directory Server 2008 and later "
"using <quote>id_provider=ad</quote> it is furthermore required to disable "
"usage of Token-Groups by setting ldap_use_tokengroups to false in order to "
"restrict group nesting."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_groups_use_matching_rule_in_chain"
msgstr "ldap_groups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which may speed up group lookup operations on deployments with "
"complex or deep nested groups."
"Esta opción le dice a SSSD como tomar ventajar de una función específica de "
"Active Directory que puede acelerar las operaciones de búsqueda de grupo son "
"despliegues con grupos complejos o profundamente anidados."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"In most common cases, it is best to leave this option disabled. It generally "
"only provides a performance increase on very complex nestings."
"En los casos más comunes, es mejor dejar esta opción deshabilitada. "
"Generalmente sólo suministra un incremento de rendimiento en anidamientos "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If this option is enabled, SSSD will use it if it detects that the server "
"supports it during initial connection. So \"True\" here essentially means "
"Si esta opción está habilitada, SSSD la usará si detecta que el servidor la "
"soporta durante la conexión inicial. De modo que “True” aquí significa "
"esencialmente “auto-detect”."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: This feature is currently known to work only with Active Directory "
"Nota: Esta función se sabe que actualmente trabajo sólo con Active Directory "
"documentation</ulink> para más detalles."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_initgroups_use_matching_rule_in_chain"
msgstr "ldap_initgroups_use_matching_rule_in_chain"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option tells SSSD to take advantage of an Active Directory-specific "
"feature which might speed up initgroups operations (most notably when "
"dealing with complex or deep nested groups)."
"Esta opción le dice a SSSD que tome ventaja de una función específica de "
"Active Directory que puede acelerar las operaciones de inicio de grupo (más "
"notable cuando se trata con grupos complejos o profundamente anidados)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This options enables or disables use of Token-Groups attribute when "
"performing initgroup for users from Active Directory Server 2008 and later."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: True for AD and IPA otherwise False."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_netgroup_object_class (string)"
msgstr "ldap_netgroup_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The object class of a netgroup entry in LDAP."
msgstr "La clase de objeto de una entrada netgroup en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "In IPA provider, ipa_netgroup_object_class should be used instead."
msgstr "En proveedor IPA, ipa_netgroup_object_class, se usaría en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: nisNetgroup"
msgstr "Predeterminado: nisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_netgroup_name (string)"
msgstr "ldap_netgroup_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the netgroup name."
msgstr "El atributo LDAP que corresponde al nombre del netgroup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "In IPA provider, ipa_netgroup_name should be used instead."
msgstr "Un proveedor IPA, ipa_netgroup_name sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_netgroup_member (string)"
msgstr "ldap_netgroup_member (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that contains the names of the netgroup's members."
"El atributo LDAP que contiene los nombres de los miembros de grupo de red."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "In IPA provider, ipa_netgroup_member should be used instead."
msgstr "Un proveedor IPA, ipa_netgroup_member sería usado en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: memberNisNetgroup"
msgstr "Predeterminado: memberNisNetgroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_netgroup_triple (string)"
msgstr "ldap_netgroup_triple (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that contains the (host, user, domain) netgroup triples."
"El atributo LDAP que contiene los (host, usuario, dominio) triples de grupo "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "This option is not available in IPA provider."
msgstr "Esta opción no está disponible en el proveedor IPA."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: nisNetgroupTriple"
msgstr "Predeterminado: nisNetgroupTriple"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_netgroup_modify_timestamp (string)"
msgstr "ldap_netgroup_modify_timestamp (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ldap_user_object_class (string)"
msgid "ldap_host_object_class (string)"
msgstr "ldap_user_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "The object class of a user entry in LDAP."
msgid "The object class of a host entry in LDAP."
msgstr "La clase de objeto de una entrada de usuario en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipService"
msgstr "Por defecto: ipService"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ad_hostname (string)"
msgid "ldap_host_name (string)"
msgstr "ad_hostname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "The LDAP attribute that corresponds to the group name."
msgid "The LDAP attribute that corresponds to the host's name."
msgstr "El atributo LDAP que corresponde al nombre de grupo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ldap_sudo_hostnames (string)"
msgid "ldap_host_fqdn (string)"
msgstr "ldap_sudo_hostnames (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "The LDAP attribute that corresponds to the user's full name."
"The LDAP attribute that corresponds to the host's fully-qualified domain "
msgstr "El atributo LDAP que corresponde al nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: cn"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ldap_dns_service_name (string)"
msgid "ldap_host_serverhostname (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "Default: sudoHost"
msgid "Default: serverHostname"
msgstr "Por defecto: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ldap_user_member_of (string)"
msgid "ldap_host_member_of (string)"
msgstr "ldap_user_member_of (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "The LDAP attribute that lists the user's group memberships."
msgid "The LDAP attribute that lists the host's group memberships."
msgstr "El atributo LDAP que lista los afiliación a grupo de usario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ipa_host_search_base (string)"
msgid "ldap_host_search_base (string)"
msgstr "ipa_host_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Optional. Use the given string as search base for host objects."
msgstr "Opcional. Usa la cadena dada como base de búsqueda para objetos host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"See <quote>ldap_search_base</quote> for information about configuring "
"Vea <quote>ldap_search_base</quote> para información sobre la configuración "
"de múltiples bases de búsqueda."
#. type: Content of: <listitem><para>
msgid "Default: the value of <emphasis>ldap_search_base</emphasis>"
msgstr "Predeterminado: el valor de <emphasis>ldap_search_base</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ldap_user_ssh_public_key (string)"
msgid "ldap_host_ssh_public_key (string)"
msgstr "ldap_user_ssh_public_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "The LDAP attribute that contains the user's SSH public keys."
msgid "The LDAP attribute that contains the host's SSH public keys."
msgstr "El atributo LDAP que contiene las claves públicas SSH del usuario."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ldap_sasl_authid (string)"
msgid "ldap_host_uuid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "The LDAP attribute that contains the port managed by this service."
msgid "The LDAP attribute that contains the
UUID/GUID of an LDAP host object."
msgstr "El atributo LDAP que contiene el puerto manejado por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_service_object_class (string)"
msgstr "ldap_service_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The object class of a service entry in LDAP."
msgstr "La clase objeto de una entrada de servicio en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_service_name (string)"
msgstr "ldap_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that contains the name of service attributes and their "
"El atributo LDAP que contiene el nombre de servicio de atributos y sus alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_service_port (string)"
msgstr "ldap_service_port (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that contains the port managed by this service."
msgstr "El atributo LDAP que contiene el puerto manejado por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipServicePort"
msgstr "Por defecto: ipServicePort"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_service_proto (string)"
msgstr "ldap_service_proto (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that contains the protocols understood by this service."
"El atributo LDAP que contiene los protocolos entendidos por este servicio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipServiceProtocol"
msgstr "Por defecto: ipServiceProtocol"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_service_search_base (string)"
msgstr "ldap_service_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_search_timeout (integer)"
msgstr "ldap_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the timeout (in seconds) that ldap searches are allowed to run "
"before they are cancelled and cached results are returned (and offline mode "
"Especifica el tiempo de salida (en segundos) que la búsqueda ldap está "
"permitida para correr antes que de quea cancelada y los resultados "
"escondidos devueltos (y se entra en modo fuera de línea)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: this option is subject to change in future versions of the SSSD. It "
"will likely be replaced at some point by a series of timeouts for specific "
"Nota: esta opción será sujeto de cambios en las futuras versiones del SSSD. "
"Probablemente será sustituido en algunos puntos por una serie de tiempos de "
"espera para tipos específicos de búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_enumeration_search_timeout (integer)"
msgstr "ldap_enumeration_search_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the timeout (in seconds) that ldap searches for user and group "
"enumerations are allowed to run before they are cancelled and cached results "
"are returned (and offline mode is entered)"
"Especifica el tiempo de espera (en segundos) en los que las búsquedas ldap "
"de enumeraciones de usuario y grupo están permitidas de correr antes de que "
"sean canceladas y devueltos los resultados escondidos (y se entra en modo "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_network_timeout (integer)"
msgstr "ldap_network_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the timeout (in seconds) after which the <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
"manvolnum> </citerefentry> following a <citerefentry> "
"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
"citerefentry> returns in case of no activity."
"Especifica el tiempo de salida (en segudos) después del cual <citerefentry> "
"<refentrytitle>poll</refentrytitle> <manvolnum>2</manvolnum> </citerefentry>/"
"<citerefentry> <refentrytitle>select</refentrytitle> <manvolnum>2</"
"manvolnum> </citerefentry> siguiendo un <citerefentry> "
"<refentrytitle>connect</refentrytitle> <manvolnum>2</manvolnum> </"
"citerefentry> vuelve en caso de no actividad."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_opt_timeout (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies a timeout (in seconds) after which calls to synchronous LDAP APIs "
"will abort if no response is received. Also controls the timeout when "
"communicating with the KDC in case of SASL bind, the timeout of an LDAP bind "
"operation, password change extended operation and the StartTLS operation."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_connection_expire_timeout (integer)"
msgstr "ldap_connection_expire_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies a timeout (in seconds) that a connection to an LDAP server will be "
"maintained. After this time, the connection will be re-established. If used "
"in parallel with
SASL/GSSAPI, the sooner of the two values (this value vs. "
"the TGT lifetime) will be used."
"Especifica un tiempo de espera (en segundos) en el que se mantendrá una "
"conexión a un servidor LDAP. Después de este tiempo, la conexión será "
"restablecida. Si su usa en paralelo con
SASL/GSSAPI, se usará el valor más "
"temprano (este valor contra el tiempo de vida TGT)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 900 (15 minutes)"
msgstr "Predeterminado: 900 (15 minutos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_page_size (integer)"
msgstr "ldap_page_size (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specify the number of records to retrieve from LDAP in a single request. "
"Some LDAP servers enforce a maximum limit per-request."
"Especifica el número de registros a recuperar desde una única petición LDAP. "
"Algunos servidores LDAP hacen cumplir un límite máximo por petición."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: 1000"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_disable_paging (boolean)"
msgstr "ldap_disable_paging (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Disable the LDAP paging control. This option should be used if the LDAP "
"server reports that it supports the LDAP paging control in its RootDSE but "
"it is not enabled or does not behave properly."
"Deshabilita el control de paginación LDAP. Esta opción se debería usar si el "
"servidor LDAP reporta que soporta el control de paginación LDAP en sus "
"RootDSE pero no está habilitado o no se comporta apropiadamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Example: OpenLDAP servers with the paging control module installed on the "
"server but not enabled will report it in the RootDSE but be unable to use it."
"Ejemplo: los servidores OpenLDAP con el módulo de control de paginación "
"instalado sobre el servidor pero no habilitado lo reportarán en el RootDSE "
"pero es incapaz de usarlo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Example: 389 DS has a bug where it can only support a one paging control at "
"a time on a single connection. On busy clients, this can result in some "
"Ejemplo: 389 DS tiene un bug donde puede sólo soportar un control de "
"paginación a la vez en una única conexión. Sobre clientes ocupados, esto "
"puede ocasionar que algunas peticiones sean denegadas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_disable_range_retrieval (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Disable Active Directory range retrieval."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Active Directory limits the number of members to be retrieved in a single "
"lookup using the MaxValRange policy (which defaults to 1500 members). If a "
"group contains more members, the reply would include an AD-specific range "
"extension. This option disables parsing of the range extension, therefore "
"large groups will appear as having no members."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sasl_minssf (integer)"
msgstr "ldap_sasl_minssf (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When communicating with an LDAP server using SASL, specify the minimum "
"security level necessary to establish the connection. The values of this "
"option are defined by OpenLDAP."
"Cuando se está comunicando con un servidor LDAP usando SASL, especifica el "
"nivel de seguridad mínimo necesario para establecer la conexión. Los valores "
"de esta opción son definidos por OpenLDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: Use the system default (usually specified by
ldap.conf)"
"Por defecto: Usa el sistema por defecto (normalmente especificado por ldap."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_deref_threshold (integer)"
msgstr "ldap_deref_threshold (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specify the number of group members that must be missing from the internal "
"cache in order to trigger a dereference lookup. If less members are missing, "
"they are looked up individually."
"Especifica el número de miembros del grupo que deben estar desaparecidos "
"desde el escondrijo interno con el objetivo de disparar una búsqueda "
"deference. Si hay menos miembros desaparecidos, se buscarán individualmente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"You can turn off dereference lookups completely by setting the value to 0."
"Usted puede quitar las búsquedas dereference completamente fijando el valor "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A dereference lookup is a means of fetching all group members in a single "
"LDAP call. Different LDAP servers may implement different dereference "
"methods. The currently supported servers are 389/RHDS, OpenLDAP and Active "
"Una búsqueda dereference es un medio de descargar todos los miembros del "
"grupo en una única llamada LDAP. Servidores diferentes LDAP pueden "
"implementar diferentes métodos dereference. Los servidores actualmente "
"soportados son 389/RHDS, OpenLDAP y Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>Note:</emphasis> If any of the search bases specifies a search "
"filter, then the dereference lookup performance enhancement will be disabled "
"regardless of this setting."
"<emphasis>Nota:</emphasis> Si alguna de las bases de búsqueda especifica un "
"filtro de búsqueda, la mejora del rendimiento de la búsqueda dereference "
"será deshabilitado sin tener en cuenta este ajuste."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_tls_reqcert (string)"
msgstr "ldap_tls_reqcert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies what checks to perform on server certificates in a TLS session, if "
"any. It can be specified as one of the following values:"
"Especifica que comprobaciones llevar a cabo sobre los certificados del "
"servidor en una sesión TLS, si las hay. Puede ser especificado como uno de "
"los siguientes valores:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>never</emphasis> = The client will not request or check any server "
"<emphasis>never</emphasis> = El cliente no pedirá o comprobará ningún "
"certificado de servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>allow</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
"is provided, it will be ignored and the session proceeds normally."
"<emphasis>allow</emphasis> = Se pide el certificado del servidor. Si no se "
"suministra certificado, la sesión sigue normalmente. Si se suministra un "
"certificado malo, será ignorado y la sesión continua normalmente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>try</emphasis> = The server certificate is requested. If no "
"certificate is provided, the session proceeds normally. If a bad certificate "
"is provided, the session is immediately terminated."
"<emphasis>try</emphasis> = Se pide el certificado del servidor. Si no se "
"suministra certificado, la sesión continua normalmente. Si se suministra un "
"certificado malo, la sesión se termina inmediatamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>demand</emphasis> = The server certificate is requested. If no "
"certificate is provided, or a bad certificate is provided, the session is "
"immediately terminated."
"<emphasis>demand</emphasis> = Se pide el certificado del servidor. Si no se "
"suministra certificado, o se suministra un certificado malo, la sesión se "
"termina inmediatamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>hard</emphasis> = Same as <quote>demand</quote>"
msgstr "<emphasis>hard</emphasis> = Igual que <quote>demand</quote>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: hard"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_tls_cacert (string)"
msgstr "ldap_tls_cacert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the file that contains certificates for all of the Certificate "
"Authorities that <command>sssd</command> will recognize."
"Especifica el fichero que contiene los certificados de todas las Autoridades "
"de Certificación que <command>sssd</command> reconocerá."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Por defecto: use los valores por defecto OpenLDAP, normalmente en <filename>/"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_tls_cacertdir (string)"
msgstr "ldap_tls_cacertdir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the path of a directory that contains Certificate Authority "
"certificates in separate individual files. Typically the file names need to "
"be the hash of the certificate followed by '.0'. If available, "
"<command>cacertdir_rehash</command> can be used to create the correct names."
"Especifica la ruta de un directorio que contiene los certificados de las "
"Autoridades de Certificación en ficheros individuales separados. Normalmente "
"los nombres de fichero necesita ser el hash del certificado seguido por "
"‘.0’. si esta disponible <command>cacertdir_rehash</command> puede ser usado "
"para crear los nombres correctos."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_tls_cert (string)"
msgstr "ldap_tls_cert (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Specifies the file that contains the certificate for the client's key."
"Especifica el fichero que contiene el certificado para la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_tls_key (string)"
msgstr "ldap_tls_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Specifies the file that contains the client's key."
msgstr "Especifica el archivo que contiene la clave del cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_tls_cipher_suite (string)"
msgstr "ldap_tls_cipher_suite (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies acceptable cipher suites. Typically this is a colon separated "
"list. See <citerefentry><refentrytitle>
ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry> for format."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_id_use_start_tls (boolean)"
msgstr "ldap_id_use_start_tls (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies that the id_provider connection must also use <systemitem class="
"\"protocol\">tls</systemitem> to protect the channel."
"Especifica que la id_de proveedor de la conexión debe también utilizar "
"<systemitem class=\"protocol\">tls</systemitem> para proteger el canal."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_id_mapping (boolean)"
msgstr "ldap_id_mapping (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies that SSSD should attempt to map user and group IDs from the "
"ldap_user_objectsid and ldap_group_objectsid attributes instead of relying "
"on ldap_user_uid_number and ldap_group_gid_number."
"Especifica que SSSD intentaría mapear las IDs de usuario y grupo desde los "
"atributos ldap_user_objectsid y ldap_group_objectsid en lugar de apoyarse en "
"ldap_user_uid_number y ldap_group_gid_number."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Currently this feature supports only ActiveDirectory objectSID mapping."
"Actualmente está función soporta sólo mapeos de objectSID de ActiveDirectory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_min_id, ldap_max_id (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"In contrast to the SID based ID mapping which is used if ldap_id_mapping is "
"set to true the allowed ID range for ldap_user_uid_number and "
"might lead to ID collisions. To avoid collisions ldap_min_id and ldap_max_id "
"can be set to restrict the allowed range for the IDs which are read directly "
"from the server. Sub-domains can then pick other ranges to map IDs."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: not set (both options are set to 0)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sasl_mech (string)"
msgstr "ldap_sasl_mech (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specify the SASL mechanism to use. Currently only GSSAPI is tested and "
"Especifica el mecanismo SASL a emplear. Actualmente sólo GSSAPI está "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sasl_authid (string)"
msgstr "ldap_sasl_authid (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specify the SASL authorization id to use. When GSSAPI is used, this "
"represents the Kerberos principal used for authentication to the directory. "
"This option can either contain the full principal (for example host/"
"myhost@EXAMPLE.COM) or just the principal name (for example
host/myhost)."
"Especifica la id de autorización SASL a usar. Cuando se usa GSSAPI, esto "
"representa el Kerberos principal usado para autenticación al directorio. "
"Esta opción puede contener el principal completo (por ejemplo host/"
"myhost@EXAMPLE.COM) o sólo en nombre principal (por ejemplo
host/myhost)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sasl_realm (string)"
msgstr "ldap_sasl_realm (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specify the SASL realm to use. When not specified, this option defaults to "
"the value of krb5_realm. If the ldap_sasl_authid contains the realm as "
"well, this option is ignored."
"Especifica el reino SASL a usar. Cuando no se especifica, esta opción se "
"pone por defecto al valor de krb5_realm. Si ldap_sasl_authid contiene el "
"reino también, esta opción se ignora."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: the value of krb5_realm."
msgstr "Por defecto: el valor de krb5_realm."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sasl_canonicalize (boolean)"
msgstr "ldap_sasl_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If set to true, the LDAP library would perform a reverse lookup to "
"canonicalize the host name during a SASL bind."
"Si se fija en true, la librería LDAP llevaría a cabo una búsqueda inversa "
"para para canocalizar el nombre de host durante una unión SASL."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: false;"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_krb5_keytab (string)"
msgstr "ldap_krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Specify the keytab to use when using
SASL/GSSAPI."
msgstr "Especifica la keytab a usar cuando se utilice
SASL/GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_krb5_init_creds (boolean)"
msgstr "ldap_krb5_init_creds (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies that the id_provider should init Kerberos credentials (TGT). This "
"action is performed only if SASL is used and the mechanism selected is "
"Especifica la id de proveedor que iniciaría las credenciales Kerberos (TGT). "
"Esta acción se lleva a cabo sólo si SASL se usa y el mecanismo seleccionado "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_krb5_ticket_lifetime (integer)"
msgstr "ldap_krb5_ticket_lifetime (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Specifies the lifetime in seconds of the TGT if GSSAPI is used."
msgstr "Especifica el tiempo de vida en segundos del TGT si se usa GSSAPI."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 86400 (24 hours)"
msgstr "Predeterminado: 86400 (24 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_server, krb5_backup_server (string)"
msgstr "krb5_server, krb5_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect in the order of preference. "
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
"colon) may be appended to the addresses or hostnames. If empty, service "
"discovery is enabled - for more information, refer to the <quote>SERVICE "
"DISCOVERY</quote> section."
"Especifica una lista separada por comas de direcciones IP o nombres de host "
"de los servidores Kerberos a los cuales se conectaría SSSD en orden de "
"preferencia. Para más información sobre failover y redundancia de servidor, "
"vea la sección <quote>FAILOVER</quote>. Un número de puerto opcional "
"(precedido de dos puntos) puede ser añadido a las direcciones o nombres de "
"host. Si está vacío, el servicio descubridor está habilitado – para más "
"información, vea la sección <quote>SERVICE DISCOVERY</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using service discovery for KDC or kpasswd servers, SSSD first searches "
"for DNS entries that specify _udp as the protocol and falls back to _tcp if "
"Cuando se utiliza el servicio descubiertos para servidores KDC o kpasswd, "
"SSSD primero busca entradas DNS que especifiquen _udop como protocolo y "
"regresa a _tcp si no se encuentra nada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option was named <quote>krb5_kdcip</quote> in earlier releases of SSSD. "
"While the legacy name is recognized for the time being, users are advised to "
"migrate their config files to use <quote>krb5_server</quote> instead."
"Este opción se llamaba <quote>krb5_kdcip</quote> en las revisiones más "
"tempranas de SSSD. Mientras el legado de nombre se reconoce por el tiempo "
"que sea, los usuarios son advertidos para migrar sus ficheros de "
"configuración para usar <quote>krb5_server</quote> en su lugar."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_realm (string)"
msgstr "krb5_realm (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Specify the Kerberos REALM (for
SASL/GSSAPI auth)."
msgstr "Especifica el REALM Kerberos (para autorización
SASL/GSSAPI)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: System defaults, see <filename>
/etc/krb5.conf</filename>"
"Predeterminado: Predeterminados del sistema, vea <filename>
/etc/krb5.conf</"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_canonicalize (boolean)"
msgstr "krb5_canonicalize (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies if the host principal should be canonicalized when connecting to "
"LDAP server. This feature is available with MIT Kerberos >= 1.7"
"Especifica si el host principal sería estandarizado cuando se conecte a un "
"servidor LDAP. Esta función está disponible con MIT Kerberos >= 1.7"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_use_kdcinfo (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies if the SSSD should instruct the Kerberos libraries what realm and "
"which KDCs to use. This option is on by default, if you disable it, you need "
"to configure the Kerberos library using the <citerefentry> "
"<refentrytitle>
krb5.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> configuration file."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"See the <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> manual page for more "
"information on the locator plugin."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_pwd_policy (string)"
msgstr "ldap_pwd_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Select the policy to evaluate the password expiration on the client side. "
"The following values are allowed:"
"Seleccione la política para evaluar la caducidad de la contraseña en el lado "
"del cliente. Los siguientes valores son permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>none</emphasis> - No evaluation on the client side. This option "
"cannot disable server-side password policies."
"<emphasis>none</emphasis> - Sin evaluación en el lado cliente. Esta opción "
"no puede deshabilitar las políticas de password en el lado servidor."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>shadow</emphasis> - Use <citerefentry><refentrytitle>shadow</"
"refentrytitle> <manvolnum>5</manvolnum></citerefentry> style attributes to "
"evaluate if the password has expired."
"<emphasis>shadow</emphasis> - Usa los atributos de estilo "
"<citerefentry><refentrytitle>shadow</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry> para evaluar si la contraseña ha expirado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>mit_kerberos</emphasis> - Use the attributes used by MIT Kerberos "
"to determine if the password has expired. Use chpass_provider=krb5 to update "
"these attributes when the password is changed."
"<emphasis>mit_kerberos</emphasis> - Usa los atributos utilizados por MIT "
"Kerberos para determinar si el password ha expirado. Use "
"chpass_provider=krb5 para actualizar estos atributos cuando se cambia el "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>Note</emphasis>: if a password policy is configured on server "
"side, it always takes precedence over policy set with this option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_referrals (boolean)"
msgstr "ldap_referrals (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Specifies whether automatic referral chasing should be enabled."
"Especifica si el seguimiento de referencias automático debería ser "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that sssd only supports referral chasing when it is compiled "
"with OpenLDAP version 2.4.13 or higher."
"Por favor advierta que sssd sólo soporta seguimiento de referencias cuando "
"está compilado con OpenLDAP versión 2.4.13 o más alta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Chasing referrals may incur a performance penalty in environments that use "
"them heavily, a notable example is Microsoft Active Directory. If your setup "
"does not in fact require the use of referrals, setting this option to false "
"might bring a noticeable performance improvement."
"Al perseguir referencia se puede incurrir en una penalización de rendimiento "
"en entornos que lo usen pesadamente, un ejemplo notable es Microsoft Active "
"Directory. Si su ajuste no requieren de hecho el uso de referencias, fijar "
"esta opción a false le llevará a una notable mejora de rendimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_dns_service_name (string)"
msgstr "ldap_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Specifies the service name to use when service discovery is enabled."
"Especifica el nombre del servicio para utilizar cuando está habilitado el "
"servicio de descubrimiento."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: ldap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_chpass_dns_service_name (string)"
msgstr "ldap_chpass_dns_service_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the service name to use to find an LDAP server which allows "
"password changes when service discovery is enabled."
"Especifica el nombre del servicio para utilizar al buscar un servidor LDAP "
"que permita cambios de contraseña cuando está habilitado el servicio de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: not set,
i.e. service discovery is disabled"
msgstr "Por defecto: no fijado, esto es servicio descubridor deshabilitado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_chpass_update_last_change (bool)"
msgstr "ldap_chpass_update_last_change (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies whether to update the ldap_user_shadow_last_change attribute with "
"days since the Epoch after a password change operation."
"Especifica si actualizar el atributo ldap_user_shadow_last_change con días "
"desde el Epoch después de una operación de cambio de contraseña."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_access_filter (string)"
msgstr "ldap_access_filter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If using access_provider = ldap and ldap_access_order = filter (default), "
"this option is mandatory. It specifies an LDAP search filter criteria that "
"must be met for the user to be granted access on this host. If "
"access_provider = ldap, ldap_access_order = filter and this option is not "
"set, it will result in all users being denied access. Use access_provider = "
"permit to change this default behavior. Please note that this filter is "
"applied on the LDAP user entry only and thus filtering based on nested "
"groups may not work (
e.g. memberOf attribute on AD entries points only to "
"direct parents). If filtering based on nested groups is required, please see "
"<citerefentry> <refentrytitle>sssd-simple</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
"access_provider = ldap\n"
"ldap_access_filter = (employeeType=admin)\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This example means that access to this host is restricted to users whose "
"employeeType attribute is set to \"admin\"."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Offline caching for this feature is limited to determining whether the "
"user's last online login was granted access permission. If they were granted "
"access during their last login, they will continue to be granted access "
"while offline and vice versa."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: vacío"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_account_expire_policy (string)"
msgstr "ldap_account_expire_policy (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"With this option a client side evaluation of access control attributes can "
"Con esta opción pueden ser habilitados los atributos de evaluación de "
"control de acceso del lado cliente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that it is always recommended to use server side access control, "
"
i.e. the LDAP server should deny the bind request with a suitable error code "
"even if the password is correct."
"Por favor advierta que siempre se recomienda utilizar el control de acceso "
"del lado servidor, esto es el servidor LDAP denegaría petición de enlace con "
"una código de error definible aunque el password sea correcto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The following values are allowed:"
msgstr "Los siguientes valores están permitidos:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>shadow</emphasis>: use the value of ldap_user_shadow_expire to "
"determine if the account is expired."
"<emphasis>shadow</emphasis>: usa el valor de ldap_user_shadow_expire para "
"determinar si la cuenta ha expirado."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>ad</emphasis>: use the value of the 32bit field "
"ldap_user_ad_user_account_control and allow access if the second bit is not "
"set. If the attribute is missing access is granted. Also the expiration time "
"of the account is checked."
"<emphasis>ad</emphasis>: usa el valor del campo de 32 bit "
"ldap_user_ad_user_account_control y permite el acceso si el segundo bit no "
"está fijado. Si el atributo está desaparecido se concede el acceso. También "
"se comprueba el tiempo de expiración de la cuenta."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: use the value of ldap_ns_account_lock to check if access is "
"<emphasis>rhds</emphasis>, <emphasis>ipa</emphasis>, <emphasis>389ds</"
"emphasis>: usa el valor de ldap_ns_account_lock para comprobar si se permite "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>nds</emphasis>: the values of "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled and "
"ldap_user_nds_login_expiration_time are used to check if access is allowed. "
"If both attributes are missing access is granted."
"<emphasis>nds</emphasis>: los valores de "
"ldap_user_nds_login_allowed_time_map, ldap_user_nds_login_disabled y "
"ldap_user_nds_login_expiration_time se usan para comprobar si el acceso está "
"permitido. Si ambos atributos están desaparecidos se concede el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that the ldap_access_order configuration option <emphasis>must</"
"emphasis> include <quote>expire</quote> in order for the "
"ldap_account_expire_policy option to work."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_access_order (string)"
msgstr "ldap_access_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Comma separated list of access control options. Allowed values are:"
"Lista separada por coma de opciones de control de acceso. Los valores "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>filter</emphasis>: use ldap_access_filter"
msgstr "<emphasis>filtro</emphasis>: utilizar ldap_access_filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>lockout</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
"and has value of '000001010000Z'. Please see the option ldap_pwdlockout_dn. "
"Please note that 'access_provider = ldap' must be set for this feature to "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis> Please note that this option is superseded by the <quote>ppolicy</"
"quote> option and might be removed in a future release. </emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>ppolicy</emphasis>: use account locking. If set, this option "
"denies access in case that ldap attribute 'pwdAccountLockedTime' is present "
"and has value of '000001010000Z' or represents any time in the past. The "
"value of the 'pwdAccountLockedTime' attribute must end with 'Z', which "
"denotes the UTC time zone. Other time zones are not currently supported and "
"will result in \"access-denied\" when users attempt to log in. Please see "
"the option ldap_pwdlockout_dn. Please note that 'access_provider = ldap' "
"must be set for this feature to work."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>expire</emphasis>: use ldap_account_expire_policy"
msgstr "<emphasis>caducar</emphasis>: utilizar ldap_account_expire_policy"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>pwd_expire_policy_reject, pwd_expire_policy_warn, "
"pwd_expire_policy_renew: </emphasis> These options are useful if users are "
"interested in being warned that password is about to expire and "
"authentication is based on using a different method than passwords - for "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The difference between these options is the action taken if user password is "
"expired: pwd_expire_policy_reject - user is denied to log in, "
"pwd_expire_policy_warn - user is still able to log in, "
"pwd_expire_policy_renew - user is prompted to change his password "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note If user password is expired no explicit message is prompted by SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that 'access_provider = ldap' must be set for this feature to "
"work. Also 'ldap_pwd_policy' must be set to an appropriate password policy."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>authorized_service</emphasis>: use the authorizedService attribute "
"<emphasis>authorized_service</emphasis>: utilizar el atributo "
"autorizedService para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>host</emphasis>: use the host attribute to determine access"
"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "<emphasis>host</emphasis>: use the host attribute to determine access"
"<emphasis>rhost</emphasis>: use the rhost attribute to determine whether "
"<emphasis>host</emphasis>: usa el atributo host para determinar el acceso"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note, rhost field in pam is set by application, it is better to check "
"what the application sends to pam, before enabling this access control option"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: filter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that it is a configuration error if a value is used more than "
"Tenga en cuenta que es un error de configuración si un valor es usado más de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_pwdlockout_dn (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option specifies the DN of password policy entry on LDAP server. Please "
"note that absence of this option in
sssd.conf in case of enabled account "
"lockout checking will yield access denied as ppolicy attributes on LDAP "
"server cannot be checked properly."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Example: cn=ppolicy,ou=policies,dc=example,dc=com"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: cn=ppolicy,ou=policies,$ldap_search_base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_deref (string)"
msgstr "ldap_deref (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies how alias dereferencing is done when performing a search. The "
"following options are allowed:"
"Especifica cómo se hace la eliminación de referencias al alias cuando se "
"lleva a cabo una búsqueda. Están permitidas las siguientes opciones:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>never</emphasis>: Aliases are never dereferenced."
"<emphasis>never</emphasis>: Nunca serán eliminadas las referencias al alias."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>searching</emphasis>: Aliases are dereferenced in subordinates of "
"the base object, but not in locating the base object of the search."
"<emphasis>searching</emphasis>: Las referencias al alias son eliminadas en "
"subordinadas del objeto base, pero no en localización del objeto base de la "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>finding</emphasis>: Aliases are only dereferenced when locating "
"the base object of the search."
"<emphasis>finding</emphasis>: Sólo se eliminarán las referencias a alias "
"cuando se localice el objeto base de la búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>always</emphasis>: Aliases are dereferenced both in searching and "
"in locating the base object of the search."
"<emphasis>always</emphasis>: Las referencias al alias se eliminarán tanto "
"para la búsqueda como en la localización del objeto base de la búsqueda."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: Empty (this is handled as <emphasis>never</emphasis> by the LDAP "
"Por defecto: Vacío (esto es manejado como <emphasis>nunca</emphasis> por las "
"librerías cliente LDAP)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_rfc2307_fallback_to_local_users (boolean)"
msgstr "ldap_rfc2307_fallback_to_local_users (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Allows to retain local users as members of an LDAP group for servers that "
"use the RFC2307 schema."
"Permite retener los usuarios locales como miembros de un grupo LDAP para "
"servidores que usan el esquema RFC2307."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"In some environments where the RFC2307 schema is used, local users are made "
"members of LDAP groups by adding their names to the memberUid attribute. "
"The self-consistency of the domain is compromised when this is done, so SSSD "
"would normally remove the \"missing\" users from the cached group "
"memberships as soon as nsswitch tries to fetch information about the user "
"via getpw*() or initgroups() calls."
"En algunos entornos donde se usa el esquema RFC2307, los usuarios locales "
"son hechos miembros de los grupos LDAP añadiendo sus nombres al atributo "
"memberUid. La autoconsistencia del dominio se ve comprometida cuando se hace "
"esto, de modo que SSSD debería normalmente quitar los usuarios "
"“desparecidos” de las afiliaciones a grupos escondidas tan pronto como "
"nsswitch intenta ir a buscar información del usuario por medio de las "
"llamadas getpw*() o initgroups()."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option falls back to checking if local users are referenced, and caches "
"them so that later initgroups() calls will augment the local users with the "
"additional LDAP groups."
"Esta opción cae de nuevo en comprobar si los usuarios locales están "
"referenciados, y los almacena en caché de manera que más tarde las llamadas "
"initgroups() aumentará los usuarios locales con los grupos LDAP adicionales."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#| msgid "ldap_opt_timeout (integer)"
msgid "wildcard_limit (integer)"
msgstr "ldap_opt_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies an upper limit on the number of entries that are downloaded during "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "At the moment, only the InfoPipe responder supports wildcard lookups."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 1000 (often the size of one page)"
#. type: Content of: <reference><refentry><refsect1><para>
"All of the common configuration options that apply to SSSD domains also "
"apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> section "
"of the <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for full details. <placeholder type="
"\"variablelist\" id=\"0\"/>"
"Todas las opciones de configuración comunes que se aplican a los dominios "
"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
"SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd."
"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles "
"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
"The detailed instructions for configuration of sudo_provider are in the "
"manual page <citerefentry> <refentrytitle>sssd-sudo</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_object_class (string)"
msgstr "ldap_sudorule_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The object class of a sudo rule entry in LDAP."
msgstr "El objeto clase de una regla de entrada sudo en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoRole"
msgstr "Por defecto: sudoRole"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_name (string)"
msgstr "ldap_sudorule_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the sudo rule name."
msgstr "El atributo LDAP que corresponde a la regla nombre de sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_command (string)"
msgstr "ldap_sudorule_command (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the command name."
msgstr "El atributo LDAP que corresponde al nombre de comando."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoCommand"
msgstr "Por defecto: sudoCommand"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_host (string)"
msgstr "ldap_sudorule_host (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that corresponds to the host name (or host IP address, "
"host IP network, or host netgroup)"
"El atributo LDAP que corresponde al nombre de host (o dirección IP del host, "
"red IP del host o grupo de red del host)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoHost"
msgstr "Por defecto: sudoHost"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_user (string)"
msgstr "ldap_sudorule_user (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that corresponds to the user name (or UID, group name or "
"El atributo LDAP que corresponde al nombre de usuario (o UID. nombre de "
"grupo o grupo de red del usuario)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoUser"
msgstr "Por defecto: sudoUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_option (string)"
msgstr "ldap_sudorule_option (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the sudo options."
msgstr "El atributo LDAP que corresponde a las opciones sudo."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoOption"
msgstr "Por defecto: sudoOption"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_runasuser (string)"
msgstr "ldap_sudorule_runasuser (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that corresponds to the user name that commands may be "
"El atributo LDAP que corresponde al nombre de usuario que los comandos "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoRunAsUser"
msgstr "Por defectot: sudoRunAsUser"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_runasgroup (string)"
msgstr "ldap_sudorule_runasgroup (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that corresponds to the group name or group GID that "
"commands may be run as."
"El atributo LDAP que corresponde al nombre de grupo o GID de grupo que puede "
"ejecutar comandos como."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoRunAsGroup"
msgstr "Por defecto: sudoRunAsGroup"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_notbefore (string)"
msgstr "ldap_sudorule_notbefore (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that corresponds to the start
date/time for when the sudo "
"El atributo LDAP que corresponde al inicio de
fecha/hora para cuando la "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoNotBefore"
msgstr "Por defecto: sudoNotBefore"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_notafter (string)"
msgstr "ldap_sudorule_notafter (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The LDAP attribute that corresponds to the expiration
date/time, after which "
"the sudo rule will no longer be valid."
"El atributo LDAP que corresponde a la
fecha/hora final, después de la cual "
"la regla sudo dejará de ser válida."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoNotAfter"
msgstr "Por defecto: sudoNotAfter"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudorule_order (string)"
msgstr "ldap_sudorule_order (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The LDAP attribute that corresponds to the ordering index of the rule."
msgstr "El atributo LDAP que corresponde al índice de ordenación de la regla."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: sudoOrder"
msgstr "Por defecto: sudoOrder"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudo_full_refresh_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds SSSD will wait between executing a full refresh of sudo "
"rules (which downloads all rules that are stored on the server)."
"Cuantos segundos esperará SSSD entre ejecutar un refresco total de las "
"reglas sudo (que descarga todas las reglas que están almacenadas en el "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The value must be greater than <emphasis>ldap_sudo_smart_refresh_interval </"
"El valor debe ser mayor que <emphasis>ldap_sudo_smart_refresh_interval </"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 21600 (6 hours)"
msgstr "Por defecto: 21600 (6 horas)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudo_smart_refresh_interval (integer)"
msgstr "ldap_sudo_smart_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How many seconds SSSD has to wait before executing a smart refresh of sudo "
"rules (which downloads all rules that have USN higher than the highest USN "
"Cuantos segundos tiene que esperar SSSD antes de ejecutar una actualización "
"inteligente de las reglas sudo (que descarga todas las reglas que tienen "
"USBN más alto que el USN más alto de las reglas escondidas)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If USN attributes are not supported by the server, the modifyTimestamp "
"attribute is used instead."
"Si los atributos USN no se soportan por el servidor, se usa en su lugar el "
"atributo modifyTimestamp."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudo_use_host_filter (boolean)"
msgstr "ldap_sudo_use_host_filter (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If true, SSSD will download only rules that are applicable to this machine "
"(using the IPv4 or IPv6
host/network addresses and hostnames)."
"Si es true, SSSD descargará sólo las reglas que son aplicables a esta "
"máquina (usando las direcciones de
host/red y nombres de host IPv4 o IPv6)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudo_hostnames (string)"
msgstr "ldap_sudo_hostnames (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Space separated list of hostnames or fully qualified domain names that "
"should be used to filter the rules."
"Lista separada por espacios de nombres de host o nombres de dominio "
"totalmente cualificados que sería usada para filtrar las reglas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If this option is empty, SSSD will try to discover the hostname and the "
"fully qualified domain name automatically."
"Si esta opción está vacía, SSSD intentará descubrir el nombre de host y el "
"nombre de dominio totalmente cualificado automáticamente."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If <emphasis>ldap_sudo_use_host_filter</emphasis> is <emphasis>false</"
"emphasis> then this option has no effect."
"Si <emphasis>ldap_sudo_use_host_filter</emphasis> es <emphasis>false</"
"emphasis> esta opción no tiene efecto."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: not specified"
msgstr "Por defecto: no especificado"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudo_ip (string)"
msgstr "ldap_sudo_ip (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Space separated list of IPv4 or IPv6
host/network addresses that should be "
"used to filter the rules."
"Lista separada por espacios de direcciones de
host/red IPv4 o IPv6 que sería "
"usada para filtrar las reglas."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If this option is empty, SSSD will try to discover the addresses "
"esta opción está vacía, SSSD intentará descrubrir las direcciones "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudo_include_netgroups (boolean)"
msgstr "sudo_include_netgroups (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If true then SSSD will download every rule that contains a netgroup in "
"Si está a true SSSD descargará cada regla que contenga un grupo de red en el "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudo_include_regexp (boolean)"
msgstr "ldap_sudo_include_regexp (booleano)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If true then SSSD will download every rule that contains a wildcard in "
"Si es verdad SSSD descargará cada regla que contenga un comodín en el "
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page only describes attribute name mapping. For detailed "
"explanation of sudo related attribute semantics, see <citerefentry> "
"<refentrytitle>
sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
"Esta página de manual sólo describe el atributo de nombre mapping. Para una "
"explicación detallada de la semántica del atributo relacionada con sudo, vea "
"<citerefentry> <refentrytitle>
sudoers.ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
"Some of the defaults for the parameters below are dependent on the LDAP "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_autofs_map_master_name (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The name of the automount master map in LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_autofs_map_object_class (string)"
msgstr "ldap_autofs_map_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The object class of an automount map entry in LDAP."
msgstr "El objeto clase de una entrada de mapa de automontaje en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: nisMap (rfc2307, autofs_provider=ad), otherwise automountMap"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_autofs_map_name (string)"
msgstr "ldap_autofs_map_name (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The name of an automount map entry in LDAP."
msgstr "El nombre de una entrada de mapa de automontaje en LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: nisMapName (rfc2307, autofs_provider=ad), otherwise automountMapName"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_autofs_entry_object_class (string)"
msgstr "ldap_autofs_entry_object_class (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The object class of an automount entry in LDAP. The entry usually "
"corresponds to a mount point."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: nisObject (rfc2307, autofs_provider=ad), otherwise automount"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_autofs_entry_key (string)"
msgstr "ldap_autofs_entry_key (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The key of an automount entry in LDAP. The entry usually corresponds to a "
"La clave de una entrada de automontaje en LDAP. La entrada corresponde "
"normalmente a un punto de montaje."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: cn (rfc2307, autofs_provider=ad), otherwise automountKey"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_autofs_entry_value (string)"
msgstr "ldap_autofs_entry_value (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: nisMapEntry (rfc2307, autofs_provider=ad), otherwise "
#. type: Content of: <reference><refentry><refsect1><para>
"<placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/> <placeholder type=\"variablelist\" id=\"2\"/> "
"<placeholder type=\"variablelist\" id=\"3\"/> <placeholder type="
"\"variablelist\" id=\"4\"/> <placeholder type=\"variablelist\" id=\"5\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
msgstr "OPCIONES AVANZADAS"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_netgroup_search_base (string)"
msgstr "ldap_netgroup_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_user_search_base (string)"
msgstr "ldap_user_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_group_search_base (string)"
msgstr "ldap_group_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><note><para>
"If the option <quote>ldap_use_tokengroups</quote> is enabled, the searches "
"against Active Directory will not be restricted and return all groups "
"memberships, even with no GID mapping. It is recommended to disable this "
"feature, if group names are not being displayed correctly."
#. type: Content of: <reference><refentry><refsect1><para><variablelist>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_sudo_search_base (string)"
msgstr "ldap_sudo_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ldap_autofs_search_base (string)"
msgstr "ldap_autofs_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para>
"These options are supported by LDAP domains, but they should be used with "
"caution. Please include them in your configuration only if you know what you "
"are doing. <placeholder type=\"variablelist\" id=\"0\"/> <placeholder type="
"\"variablelist\" id=\"1\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
"The following example assumes that SSSD is correctly configured and LDAP is "
"set to one of the domains in the <replaceable>[domains]</replaceable> "
"El siguiente ejemplo asume que SSSS está configurado correctamente y LDAP "
"está fijado a uno de los dominios de la sección <replaceable>[domains]</"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"ldap_search_base = dc=mydomain,dc=org\n"
"ldap_tls_reqcert = demand\n"
"cache_credentials = true\n"
#. type: Content of: <refsect1><refsect2><para>
msgid "<placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "LDAP ACCESS FILTER EXAMPLE"
#. type: Content of: <reference><refentry><refsect1><para>
"The following example assumes that SSSD is correctly configured and to use "
"the ldap_access_order=lockout."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"access_provider = ldap\n"
"ldap_access_order = lockout\n"
"ldap_pwdlockout_dn = cn=ppolicy,ou=policies,dc=mydomain,dc=org\n"
"ldap_search_base = dc=mydomain,dc=org\n"
"ldap_tls_reqcert = demand\n"
"cache_credentials = true\n"
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
"The descriptions of some of the configuration options in this manual page "
"are based on the <citerefentry> <refentrytitle>
ldap.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page from the OpenLDAP 2.4 "
"Las descripciones de algunas de las opciones de configuración en esta página "
"de manual están basadas en la página de manual <citerefentry> "
"<refentrytitle>
ldap.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> de la distribución OpenLDAP 2.4."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "PAM module for SSSD"
msgstr "Módulo PAM para SSSD"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>
pam_sss.so</command> <arg choice='opt'> <replaceable>quiet</"
"replaceable> </arg> <arg choice='opt'> <replaceable>forward_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_first_pass</"
"replaceable> </arg> <arg choice='opt'> <replaceable>use_authtok</"
"replaceable> </arg> <arg choice='opt'> <replaceable>retry=N</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_unknown_user</replaceable> </"
"arg> <arg choice='opt'> <replaceable>ignore_authinfo_unavail</replaceable> </"
"arg> <arg choice='opt'> <replaceable>domains=X</replaceable> </arg> <arg "
"choice='opt'> <replaceable>allow_missing_name</replaceable> </arg> <arg "
"choice='opt'> <replaceable>prompt_always</replaceable> </arg>"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>
pam_sss.so</command> is the PAM interface to the System Security "
"Services daemon (SSSD). Errors and results are logged through "
"<command>syslog(3)</command> with the LOG_AUTHPRIV facility."
"<command>
pam_sss.so</command> es la interfaz PAM para el demonio Servicios "
"de Seguridad de Sistema (SSSD). Los errores y resultados son registrados a "
"través de <command>syslog(3)</command> con la facilidad LOG_AUTHPRIV."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>quiet</option>"
msgstr "<option>quiet</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Suppress log messages for unknown users."
msgstr "Suprime el registro de mensajes de usuarios desconocidos."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>forward_pass</option>"
msgstr "<option>forward_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"If <option>forward_pass</option> is set the entered password is put on the "
"stack for other PAM modules to use."
"Si <option>forward_pass</option> está fijada el password introducido se pone "
"en la pila para que lo usen otros módulos PAM."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>use_first_pass</option>"
msgstr "<option>use_first_pass</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The argument use_first_pass forces the module to use a previous stacked "
"modules password and will never prompt the user - if no password is "
"available or the password is not appropriate, the user will be denied access."
"El argumento use_first_pass fuerza al módulo a usar un módulo de password "
"apilado previamente y nunca preguntará al usuario - si no hay password "
"disponible o el password no es apropiado, se denegará el acceso al usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>use_authtok</option>"
msgstr "<option>use_authtok</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"When password changing enforce the module to set the new password to the one "
"provided by a previously stacked password module."
"Cuando cambia el password fuerza al módulo a fijar el nuevo password a uno "
"suministrado por un módulo de password previamente apilado."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>retry=N</option>"
msgstr "<option>retry=N</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"If specified the user is asked another N times for a password if "
"authentication fails. Default is 0."
"Si el usuario especificado es preguntado N veces por un password si la "
"autenticación falla. Por defecto es 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Please note that this option might not work as expected if the application "
"calling PAM handles the user dialog on its own. A typical example is "
"<command>sshd</command> with <option>PasswordAuthentication</option>."
"Por favor advierta que esta opción puede no trabajar como se espera llamando "
"PAM a manejar el diálogo de usuario por el mismo. Un ejecplo típico es "
"<command>sshd</command> con <option>PasswordAuthentication</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>ignore_unknown_user</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"If this option is specified and the user does not exist, the PAM module will "
"return PAM_IGNORE. This causes the PAM framework to ignore this module."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>ignore_authinfo_unavail</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Specifies that the PAM module should return PAM_IGNORE if it cannot contact "
"the SSSD daemon. This causes the PAM framework to ignore this module."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>domains</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Allows the administrator to restrict the domains a particular PAM service is "
"allowed to authenticate against. The format is a comma-separated list of "
"SSSD domain names, as specified in the
sssd.conf file."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"NOTE: Must be used in conjunction with the <quote>pam_trusted_users</quote> "
"and <quote>pam_public_domains</quote> options. Please see the "
"<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for more information on these two PAM "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>allow_missing_name</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The main purpose of this option is to let SSSD determine the user name based "
"on additional information,
e.g. the certificate from a Smartcard."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The current use case are login managers which can monitor a Smartcard reader "
"for card events. In case a Smartcard is inserted the login manager will call "
"a PAM stack which includes a line like <placeholder type=\"programlisting\" "
"id=\"0\"/> In this case SSSD will try to determine the user name based on "
"the content of the Smartcard, returns it to pam_sss which will finally put "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>prompt_always</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Always prompt the user for credentials. With this option credentials "
"requested by other PAM modules, typically a password, will be ignored and "
"pam_sss will prompt for credentials again. Based on the pre-auth reply by "
"SSSD pam_sss might prompt for a password, a Smartcard PIN or other "
#. type: Content of: <reference><refentry><refsect1><title>
msgid "MODULE TYPES PROVIDED"
msgstr "TIPOS DE MÓDULOS SUMINISTRADOS"
#. type: Content of: <reference><refentry><refsect1><para>
"All module types (<option>account</option>, <option>auth</option>, "
"<option>password</option> and <option>session</option>) are provided."
"Todos los tipos de módulos (<option>account</option>, <option>auth</option>, "
"<option>password</option> y <option>session</option>) son suministrados."
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
"If a password reset by root fails, because the corresponding SSSD provider "
"does not support password resets, an individual message can be displayed. "
"This message can
e.g. contain instructions about how to reset a password."
"Si un password se resetea por un fallo de root, como el correspondiente "
"proveedor SSSD no soporta el reseteo de password, se puede mostrar un "
"mensaje individual. Este mensaje puede, por ejemplo, contener instrucciones "
"sobre como resetear un password."
#. type: Content of: <reference><refentry><refsect1><para>
"filename> where LOC stands for a locale string returned by <citerefentry> "
"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
"citerefentry>. If there is no matching file the content of "
"the owner of the files and only root may have read and write permissions "
"while all other users must have only read permissions."
"filename> donde LOC destaca una cadena de lugar devuelta por <citerefentry> "
"<refentrytitle>setlocale</refentrytitle><manvolnum>3</manvolnum> </"
"citerefentry>. Si no hay fichero coincidente se muestra el contenido de "
"propietario de los ficheros y sólo root puede tener permisos de lectura y "
"escritura mientras que todos los demás usuarios sólo tienen permisos de "
#. type: Content of: <reference><refentry><refsect1><para>
"DOMAIN_NAME/</filename>. If no matching file is present a generic message is "
"DOMAIN_NAME/</filename>. Si no hay archivos coincidentes se muestra un "
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sssd_krb5_locator_plugin"
msgstr "sssd_krb5_locator_plugin"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "Kerberos locator plugin"
#. type: Content of: <reference><refentry><refsect1><para>
"The Kerberos locator plugin <command>sssd_krb5_locator_plugin</command> is "
"used by the Kerberos provider of <citerefentry> <refentrytitle>sssd</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry> to tell the Kerberos "
"libraries what Realm and which KDC to use. Typically this is done in "
"<citerefentry> <refentrytitle>
krb5.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> which is always read by the Kerberos libraries. "
"To simplify the configuration the Realm and the KDC can be defined in "
"<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> as described in <citerefentry> "
"<refentrytitle>sssd-krb5</refentrytitle> <manvolnum>5</manvolnum> </"
#. type: Content of: <reference><refentry><refsect1><para>
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry> puts the Realm and the name or IP address of the KDC into "
"the environment variables SSSD_KRB5_REALM and SSSD_KRB5_KDC respectively. "
"When <command>sssd_krb5_locator_plugin</command> is called by the kerberos "
"libraries it reads and evaluates these variables and returns them to the "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry> pone el Reino y el nombre o dirección IP del KDC en las "
"variables de entorno SSSD_KRB5_REALM y SSSD_KRB5_KDC respectivamente. Cuando "
"<command>sssd_krb5_locator_plugin</command> es llamado por las librerías "
"kerberos lee y evalúa estas variables y se las devuelve a las librerías."
#. type: Content of: <reference><refentry><refsect1><para>
"Not all Kerberos implementations support the use of plugins. If "
"<command>sssd_krb5_locator_plugin</command> is not available on your system "
"No todas las implementaciones Kerberos soportan el uso de plugins. Si "
"<command>sssd_krb5_locator_plugin</command> no está disponible en su sistema "
"usted tiene que editar
/etc/krb5.conf para reflejar sus ajustes Kerberos."
#. type: Content of: <reference><refentry><refsect1><para>
"If the environment variable SSSD_KRB5_LOCATOR_DEBUG is set to any value "
"debug messages will be sent to stderr."
"Si la variable de entorno SSSD_KRB5_LOCATOR_DEBUR está fijada a cualquier "
"valor los mensajes de depuración se enviarán a stderr."
#. type: Content of: <reference><refentry><refsect1><para>
"If the environment variable SSSD_KRB5_LOCATOR_DISABLE is set to any value "
"the plugin is disabled and will just return KRB5_PLUGIN_NO_HANDLE to the "
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "the configuration file for SSSD's 'simple' access-control provider"
"el fichero de configuración para en proveedor de control de acceso 'simple' "
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the configuration of the simple access-control "
"provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax reference, "
"refer to the <quote>FILE FORMAT</quote> section of the <citerefentry> "
"<refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page."
"Esta página de manual describe la configuración del proveedor de control de "
"acceso simple para <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de "
"sintaxis, vea la sección <quote>FILE FORMAT</quote> de la página de manual "
"<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
"The simple access provider grants or denies access based on an access or "
"deny list of user or group names. The following rules apply:"
"El proveedor de acceso simple otorga o deniega el acceso en base a una lista "
"de acceso o denegación de usuarios o grupo de nombres. Se aplican las "
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
msgid "If all lists are empty, access is granted"
msgstr "Si todas las listas están vacías, se concede acceso"
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
"If any list is provided, the order of evaluation is allow,deny. This means "
"that any matching deny rule will supersede any matched allow rule."
"Si se ha suministrado alguna lista, el orden de evaluación es permitir,"
"denegar. Esto significa que cualquier regla de denegación será saltada por "
"cualquier regla de permiso coincidente."
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
"If either or both \"allow\" lists are provided, all users are denied unless "
"they appear in the list."
"Si una o ambas listas de \"permiso\" se suministran, todos los usuarios "
"serán denegados a no ser que aparezcan en la lista."
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
"If only \"deny\" lists are provided, all users are granted access unless "
"they appear in the list."
"Si sólo se suministran listas de \"denegación\", todos los usuarios "
"obtendran acceso a no ser que aparezcan en la lista."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "simple_allow_users (string)"
msgstr "simple_allow_users (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Comma separated list of users who are allowed to log in."
msgstr "Lista separada por comas de usuarios a los está permitido el acceso."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "simple_deny_users (string)"
msgstr "simple_deny_users (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Comma separated list of users who are explicitly denied access."
"Lista separada por comas de usuarios a los que explicítamente se les deniega "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "simple_allow_groups (string)"
msgstr "simple_allow_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Comma separated list of groups that are allowed to log in. This applies only "
"to groups within this SSSD domain. Local groups are not evaluated."
"Lista separada por comas de grupos que tienen permitido el acceso. Esto se "
"aplica sólo a los grupos dentro del dominio SSSD. Los grupos locales no "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "simple_deny_groups (string)"
msgstr "simple_deny_groups (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Comma separated list of groups that are explicitly denied access. This "
"applies only to groups within this SSSD domain. Local groups are not "
"Lista separada por comas de grupos a los que explicítamente se les deniega "
"el acceso. Esto se aplica sólo a los grupos dentro del dominio SSSD. Los "
"grupos locales no serán evaluados."
#. type: Content of: <reference><refentry><refsect1><para>
"Refer to the section <quote>DOMAIN SECTIONS</quote> of the <citerefentry> "
"<refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> manual page for details on the configuration of an SSSD "
"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
"Vea la sección <quote>DOMAIN SECTIONS</quote> de la página de manual "
"<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> para detalles sobre la configuración de un "
"dominio SSSD. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
"Specifying no values for any of the lists is equivalent to skipping it "
"entirely. Beware of this while generating parameters for the simple provider "
"using automated scripts."
"No especificando valores para ninguna de las listas es equivalente a "
"saltarle totalmente. Tenga cuidado de esto mientras genera parámetros para "
"el simple proveedor usando secuencias de comandos automatizadas."
#. type: Content of: <reference><refentry><refsect1><para>
"Please note that it is an configuration error if both, simple_allow_users "
"and simple_deny_users, are defined."
"Por favor advierta que es un error de configuración si tanto, "
"simple_allow_users como simple_deny_user, están definidos."
#. type: Content of: <reference><refentry><refsect1><para>
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the simple access provider-specific options."
"El siguiente ejemplo asume que SSSD está correctamente configurado y example."
"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. "
"Este ejemplo muestra sólo las opciones específicas del proveedor de acceso "
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"access_provider = simple\n"
"simple_allow_users = user1, user2\n"
#. type: Content of: <reference><refentry><refsect1><para>
"The complete group membership hierarchy is resolved before the access check, "
"thus even nested groups can be included in the access lists. Please be "
"aware that the <quote>ldap_group_nesting_level</quote> option may impact the "
"results and should be set to a sufficient value. (<citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD Certificate Matching and Mapping Rules"
#. type: Content of: <reference><refentry><refsect1><para>
"The manual page describes the rules which can be used by SSSD and other "
"components to match X.509 certificates and map them to accounts."
#. type: Content of: <reference><refentry><refsect1><para>
"Each rule has four components, a <quote>priority</quote>, a <quote>matching "
"rule</quote>, a <quote>mapping rule</quote> and a <quote>domain list</"
"quote>. All components are optional. A missing <quote>priority</quote> will "
"add the rule with the lowest priority. The default <quote>matching rule</"
"quote> will match certificates with the digitalSignature key usage and "
"clientAuth extended key usage. If the <quote>mapping rule</quote> is empty "
"the certificates will be searched in the userCertificate attribute as DER "
"encoded binary. If no domains are given only the local domain will be "
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"The rules are processed by priority while the number '0' (zero) indicates "
"the highest priority. The higher the number the lower is the priority. A "
"missing value indicates the lowest priority."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"Internally the priority is treated as unsigned 32bit integer, using a "
"priority value larger than 4294967295 will cause an error."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"The matching rule is used to select a certificate to which the mapping rule "
"should be applied. It uses a system similar to the one used by "
"<quote>pkinit_cert_match</quote> option of MIT Kerberos. It consists of a "
"keyword enclosed by '<' and '>' which identified a certain part of the "
"certificate and a pattern which should be found for the rule to match. "
"Multiple keyword pattern pairs can be either joined with '&&' (and) "
"or '||' (or)."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SUBJECT>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"With this a part or the whole subject name of the certificate can be "
"matched. For the matching POSIX Extended Regular Expression syntax is used, "
"see regex(7) for details."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"For the matching the subject name stored in the certificate in DER encoded "
"ASN.1 is converted into a string according to RFC 4514. This means the most "
"specific name component comes first. Please note that not all possible "
"attribute names are covered by RFC 4514. The names included are 'CN', 'L', "
"'ST', 'O', 'OU', 'C', 'STREET', 'DC' and 'UID'. Other attribute names might "
"be shown differently on different platform and by different tools. To avoid "
"confusion those attribute names are best not used or covered by a suitable "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SUBJECT>.*,DC=MY,DC=DOMAIN"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<ISSUER>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"With this a part or the whole issuer name of the certificate can be matched. "
"All comments for <SUBJECT> apply her as well."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <ISSUER>^CN=My-CA,DC=MY,DC=DOMAIN$"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<KU>key-usage"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This option can be used to specify which key usage values the certificate "
"should have. The following values can be used in a comma separated list:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"A numerical value in the range of a 32bit unsigned integer can be used as "
"well to cover special use cases."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <KU>digitalSignature,keyEncipherment"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<EKU>extended-key-usage"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This option can be used to specify which extended key usage the certificate "
"should have. The following value can be used in a comma separated list:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Extended key usages which are not listed above can be specified with their "
"OID in dotted-decimal notation."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <EKU>clientAuth,1.3.6.1.5.2.3.4"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"To be compatible with the usage of MIT Kerberos this option will match the "
"Kerberos principals in the PKINIT or AD NT Principal SAN as <SAN:"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN>.*@MY\\.REALM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:Principal>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Match the Kerberos principals in the PKINIT or AD NT Principal SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:Principal>.*@MY\\.REALM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:ntPrincipalName>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Match the Kerberos principals from the AD NT Principal SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:ntPrincipalName>.*@
MY.AD.REALM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:pkinit>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Match the Kerberos principals from the PKINIT SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:ntPrincipalName>.*@MY\\.PKINIT\\.REALM"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:dotted-decimal-oid>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Take the value of the otherName SAN component given by the OID in dotted-"
"decimal notation, interpret it as string and try to match it against the "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:1.2.3.4>test"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:otherName>base64-string"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Do a binary match with the base64 encoded blob against all otherName SAN "
"components. With this option it is possible to match against custom "
"otherName components with special encodings which could not be treated as "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:otherName>MTIz"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:rfc822Name>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Match the value of the rfc822Name SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:rfc822Name>.*@email\\.domain"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:dNSName>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Match the value of the dNSName SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:dNSName>.*\\.my\\.dns\\.domain"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:x400Address>base64-string"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Binary match the value of the x400Address SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:x400Address>MTIz"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:directoryName>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Match the value of the directoryName SAN. The same comments as given for <"
"ISSUER> and <SUBJECT> apply here as well."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:directoryName>.*,DC=com"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:ediPartyName>base64-string"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Binary match the value of the ediPartyName SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:ediPartyName>MTIz"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:uniformResourceIdentifier>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Match the value of the uniformResourceIdentifier SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:uniformResourceIdentifier>URN:.*"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:iPAddress>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Match the value of the iPAddress SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:iPAddress>192\\.168\\..*"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "<SAN:registeredID>regular-expression"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Match the value of the registeredID SAN as dotted-decimal string."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: <SAN:registeredID>1\\.2\\.3\\..*"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"The available options are: <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"The mapping rule is used to associate a certificate with one or more "
"accounts. A Smartcard with the certificate and the matching private key can "
"then be used to authenticate as one of those accounts."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"Currently SSSD basically only supports LDAP to lookup user information (the "
"exception is the proxy provider which is not of relevance here). Because of "
"this the mapping rule is based on LDAP search filter syntax with templates "
"to add certificate content to the filter. It is expected that the filter "
"will only contain the specific data needed for the mapping and that the "
"caller will embed it in another filter to do the actual search. Because of "
"this the filter string should start and stop with '(' and ')' respectively."
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"In general it is recommended to use attributes from the certificate and add "
"them to special attributes to the LDAP user object.
E.g. the "
"'altSecurityIdentities' attribute in AD or the 'ipaCertMapData' attribute "
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"This should be preferred to read user specific data from the certificate "
"like
e.g. an email address and search for it in the LDAP server. The reason "
"is that the user specific data in LDAP might change for various reasons "
"would break the mapping. On the other hand it would be hard to break the "
"mapping on purpose for a specific user."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{issuer_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the full issuer DN converted to a string according to "
"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
"the '_x500' prefix should be used."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"The conversion options starting with 'ad_' will use attribute names as used "
"by AD,
e.g. 'S' instead of 'ST'."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"The conversion options starting with 'nss_' will use attribute names as used "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"The default conversion option is 'nss',
i.e. attribute names according to "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Example: (ipacertmapdata=X509:<I>{issuer_dn!ad}<S>{subject_dn!"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_dn[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the full subject DN converted to string according to "
"RFC 4514. If X.500 ordering (most specific RDN comes last) an option with "
"the '_x500' prefix should be used."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Example: (ipacertmapdata=X509:<I>{issuer_dn!nss_x500}<S>"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{cert[!(bin|base64)]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the whole DER encoded certificate as a string to the "
"search filter. Depending on the conversion option the binary certificate is "
"either converted to an escaped hex sequence '\\xx' or base64. The escaped "
"hex sequence is the default and can
e.g. be used with the LDAP attribute "
"'userCertificate;binary'."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: (userCertificate;binary={cert!bin})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_principal[.short_name]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the Kerberos principal which is taken either from the "
"SAN used by pkinit or the one used by AD. The 'short_name' component "
"represents the first part of the principal before the '@' sign."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Example: (|(userPrincipal={subject_principal})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_pkinit_principal[.short_name]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the Kerberos principal which is given by the SAN used "
"by pkinit. The 'short_name' component represents the first part of the "
"principal before the '@' sign."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Example: (|(userPrincipal={subject_pkinit_principal})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_nt_principal[.short_name]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the Kerberos principal which is given by the SAN used "
"by AD. The 'short_name' component represent the first part of the principal "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_rfc822_name[.short_name]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the string which is stored in the rfc822Name "
"component of the SAN, typically an email address. The 'short_name' component "
"represents the first part of the address before the '@' sign."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Example: (|(mail={subject_rfc822_name})(uid={subject_rfc822_name."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_dns_name[.short_name]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the string which is stored in the dNSName component "
"of the SAN, typically a fully-qualified host name. The 'short_name' "
"component represents the first part of the name before the first '.' sign."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the string which is stored in the "
"uniformResourceIdentifier component of the SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: (uri={subject_uri})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_ip_address}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the string which is stored in the iPAddress component "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: (ip={subject_ip_address})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_x400_address}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the value which is stored in the x400Address "
"component of the SAN as escaped hex sequence."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: (attr:binary={subject_x400_address})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
"{subject_directory_name[!((ad|ad_x500)|ad_ldap|nss_x500|(nss|nss_ldap))]}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the DN string of the value which is stored in the "
"directoryName component of the SAN."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: (orig_dn={subject_directory_name})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_ediparty_name}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the value which is stored in the ediPartyName "
"component of the SAN as escaped hex sequence."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: (attr:binary={subject_ediparty_name})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "{subject_registered_id}"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"This template will add the OID which is stored in the registeredID component "
"of the SAN as a dotted-decimal string."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Example: (oid={subject_registered_id})"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"The templates to add certificate data to the search filter are based on "
"Python-style formatting strings. They consist of a keyword in curly braces "
"with an optional sub-component specifier separated by a '.' or an optional "
"<placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"If the domain list is not empty users mapped to a given certificate are not "
"only searched in the local domain but in the listed domains as well as long "
"as they are know by SSSD. Domains not know to SSSD will be ignored."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD IPA provider"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the configuration of the IPA provider for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
"Este página de manual describe la configuración del proveedor IPA para "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. Para una referencia de sintaxis detalladas, vea la sección "
"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
"<refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
#. type: Content of: <reference><refentry><refsect1><para>
"The IPA provider is a back end used to connect to an IPA server. (Refer to "
"the
freeipa.org web site for information about IPA servers.) This provider "
"requires that the machine be joined to the IPA domain; configuration is "
"almost entirely self-discovered and obtained directly from the server."
"El proveedor IPA es un back end usado para conectar a un servidor IPA. (Vea "
"el sitio web
freeipa.org para información sobre los servidores IPA). Este "
"proveedor requiere que la máquina este unido al dominio IPA; la "
"configuración es casi enteramente auto descubierta y obtenida directamente "
#. type: Content of: <reference><refentry><refsect1><para>
"The IPA provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
"optimizations for IPA environments. The IPA provider accepts the same "
"options used by the sssd-ldap and sssd-krb5 providers with some exceptions. "
"However, it is neither necessary nor recommended to set these options."
#. type: Content of: <reference><refentry><refsect1><para>
"The IPA provider primarily copies the traditional ldap and krb5 provider "
"default options with some exceptions, the differences are listed in the "
"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
#. type: Content of: <reference><refentry><refsect1><para>
"As an access provider, the IPA provider uses HBAC (host-based access "
"control) rules. Please refer to
freeipa.org for more information about "
"HBAC. No configuration of access provider is required on the client side."
#. type: Content of: <reference><refentry><refsect1><para>
"If <quote>auth_provider=ipa</quote> or <quote>access_provider=ipa</quote> is "
"configured in
sssd.conf then the id_provider must also be set to <quote>ipa</"
#. type: Content of: <reference><refentry><refsect1><para>
"The IPA provider will use the PAC responder if the Kerberos tickets of users "
"from trusted realms contain a PAC. To make configuration easier the PAC "
"responder is started automatically if the IPA ID provider is configured."
"El porveedor IPA usara el respondedor PAC si las entradas Kerberos de los "
"usuario de reinos confiables contienen un PAC. Para hacer la configuración "
"más fácil el respondedor PAC es iniciado automáticamente si la ID del "
"proveedor IPA está configurada."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_domain (string)"
msgstr "ipa_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the name of the IPA domain. This is optional. If not provided, "
"the configuration domain name is used."
"Especifica el nombre del dominio IPA. Esto es opcional. Si no se suministra, "
"se usa el nombre de configuración del dominio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_server, ipa_backup_server (string)"
msgstr "ipa_server, ipa_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The comma-separated list of IP addresses or hostnames of the IPA servers to "
"which SSSD should connect in the order of preference. For more information "
"on failover and server redundancy, see the <quote>FAILOVER</quote> section. "
"This is optional if autodiscovery is enabled. For more information on "
"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
"La lista separada por comas de direcciones IP o nombres de host de los "
"servidores IPA a los que SSSD se conectaría en orden de preferencia. Para "
"más información sobre conmutación en error y redundancia de servidores, vea "
"la sección <quote>FAILOVER</quote>. Esto es opcional si autodiscovery está "
"habilitado. Para más información sobre el servicio descubridor, vea la "
"sección <quote>SERVICE DISCOVERY</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_hostname (string)"
msgstr "ipa_hostname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "Optional. May be set on machines where the hostname(5) does not reflect "
#| "the fully qualified name used in the IPA domain to identify this host."
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the IPA domain to identify this host. The "
"hostname must be fully qualified."
"Opcional. Puede ser fijado en máquinas donde hostname(5) no refleja el "
"nombre totalmente cualificado usado en el dominio IPA para identificar este "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dyndns_update (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Optional. This option tells SSSD to automatically update the DNS server "
"built into FreeIPA with the IP address of this client. The update is secured "
"using GSS-TSIG. The IP address of the IPA LDAP connection is used for the "
"updates, if it is not otherwise specified by using the <quote>dyndns_iface</"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: On older systems (such as RHEL 5), for this behavior to work reliably, "
"NOTA: Sobre sistemas más antiguos (como RHEL 5), para que este "
"comportamiento trabaje fiablemente, el reino por defecto Kerberos debe ser "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_update</"
"emphasis> option, users should migrate to using <emphasis>dyndns_update</"
"emphasis> in their config file."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dyndns_ttl (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The TTL to apply to the client DNS record when updating it. If "
"dyndns_update is false this has no effect. This will override the TTL "
"serverside if set by an administrator."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_ttl</"
"emphasis> option, users should migrate to using <emphasis>dyndns_ttl</"
"emphasis> in their config file."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 1200 (seconds)"
msgstr "Por defecto: 1200 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dyndns_iface (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Optional. Applicable only when dyndns_update is true. Choose the interface "
"or a list of interfaces whose IP addresses should be used for dynamic DNS "
"updates. Special value <quote>*</quote> implies that IPs from all interfaces "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: While it is still possible to use the old <emphasis>ipa_dyndns_iface</"
"emphasis> option, users should migrate to using <emphasis>dyndns_iface</"
"emphasis> in their config file."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: Use the IP addresses of the interface which is used for IPA LDAP "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Example: dyndns_iface = em1, vnet1, vnet2"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dyndns_auth (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Whether the nsupdate utility should use GSS-TSIG authentication for secure "
"updates with the DNS server, insecure updates can be sent by setting this "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: GSS-TSIG"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_enable_dns_sites (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Enables DNS sites - location based service discovery."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, then the SSSD will first attempt location "
"\" and then fall back to traditional SRV discovery. If the location based "
"discovery succeeds, the IPA servers located with the location based "
"discovery are treated as primary servers and the IPA servers located using "
"the traditional SRV discovery are used as back up servers"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dyndns_refresh_interval (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
"optional and applicable only when dyndns_update is true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dyndns_update_ptr (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Whether the PTR record should also be explicitly updated when updating the "
"client's DNS records. Applicable only when dyndns_update is true."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option should be False in most IPA deployments as the IPA server "
"generates the PTR records automatically when forward records are changed."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: False (disabled)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dyndns_force_tcp (bool)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Whether the nsupdate utility should default to using TCP for communicating "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: False (let nsupdate choose the protocol)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "dyndns_server (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The DNS server to use when performing a DNS update. In most setups, it's "
"recommended to leave this option unset."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Setting this option makes sense for environments where the DNS server is "
"different from the identity server."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that this option will be only used in fallback attempt when "
"previous attempt using autodetected settings failed."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: None (let nsupdate choose the server)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ipa_host_search_base (string)"
msgid "ipa_deskprofile_search_base (string)"
msgstr "ipa_host_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "Optional. Use the given string as search base for HBAC related objects."
"Optional. Use the given string as search base for Desktop Profile related "
"Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: Use base DN"
msgstr "Predeterminado: Utilizar DN base"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_hbac_search_base (string)"
msgstr "ipa_hbac_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Optional. Use the given string as search base for HBAC related objects."
"Opcional. Usa la cadena dada como base de búsqueda para los objetos HBAC "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_host_search_base (string)"
msgstr "ipa_host_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Deprecated. Use ldap_host_search_base instead."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_selinux_search_base (string)"
msgstr "ipa_selinux_search_base (cadena)Opcional. "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Optional. Use the given string as search base for SELinux user maps."
"Opcional. Usa la cadena dada como base de búsqueda para los mapas de usuario "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_subdomains_search_base (string)"
msgstr "ipa_subdomains_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Optional. Use the given string as search base for trusted domains."
"Opcional: Usa la cadena dada como base de búsqueda de dominios de confianza."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: the value of <emphasis>cn=trusts,%basedn</emphasis>"
msgstr "Por defecto: el valor de <emphasis>cn=trusts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_master_domain_search_base (string)"
msgstr "ipa_master_domain_search_base (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Optional. Use the given string as search base for master domain object."
"Opcional: Usa la cadena dada como base de búsqueda para el objeto maestro de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: the value of <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
msgstr "Por defecto: el valor de <emphasis>cn=ad,cn=etc,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_views_search_base (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Optional. Use the given string as search base for views containers."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: the value of <emphasis>cn=views,cn=accounts,%basedn</emphasis>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The name of the Kerberos realm. This is optional and defaults to the value "
"of <quote>ipa_domain</quote>."
"El nombre del reino Kerberos. Esto es opcional y por defecto está al valor "
"de <quote>ipa_domain</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The name of the Kerberos realm has a special meaning in IPA - it is "
"converted into the base DN to use for performing LDAP operations."
"El nombre del reino Kerberos tiene un significado especial en IPA – es "
"convertido hacia la base DN para usarlo para llevar a cabo operaciones LDAP."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_confd_path (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Absolute path of a directory where SSSD should place Kerberos configuration "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"To disable the creation of the configuration snippets set the parameter to "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: not set (
krb5.include.d subdirectory of SSSD's pubconf directory)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ipa_hbac_refresh (integer)"
msgid "ipa_deskprofile_refresh (integer)"
msgstr "ipa_hbac_refresh (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "The amount of time between lookups of the HBAC rules against the IPA "
#| "server. This will reduce the latency and load on the IPA server if there "
#| "are many access-control requests made in a short period."
"The amount of time between lookups of the Desktop Profile rules against the "
"IPA server. This will reduce the latency and load on the IPA server if there "
"are many desktop profiles requests made in a short period."
"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor "
"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay "
"muchas peticiones de control de acceso hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 5 (seconds)"
msgstr "Predeterminado: 5 (segundos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#| msgid "ldap_sudo_full_refresh_interval (integer)"
msgid "ipa_deskprofile_request_interval (integer)"
msgstr "ldap_sudo_full_refresh_interval (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "The amount of time between lookups of the HBAC rules against the IPA "
#| "server. This will reduce the latency and load on the IPA server if there "
#| "are many access-control requests made in a short period."
"The amount of time between lookups of the Desktop Profile rules against the "
"IPA server in case the last request did not return any rule."
"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor "
"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay "
"muchas peticiones de control de acceso hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| msgid "Default: 900 (15 minutes)"
msgid "Default: 60 (minutes)"
msgstr "Predeterminado: 900 (15 minutos)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_hbac_refresh (integer)"
msgstr "ipa_hbac_refresh (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The amount of time between lookups of the HBAC rules against the IPA server. "
"This will reduce the latency and load on the IPA server if there are many "
"access-control requests made in a short period."
"La cantidad de tiempo entre vbúsquedas de las reglas HBAC contra el servidor "
"IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si hay "
"muchas peticiones de control de acceso hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_hbac_selinux (integer)"
msgstr "ipa_hbac_selinux (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The amount of time between lookups of the SELinux maps against the IPA "
"server. This will reduce the latency and load on the IPA server if there are "
"many user login requests made in a short period."
"La cantidad de tiempo entre búsquedas de los mapas SELinux contra el "
"servidor IPA. Esto reducirá la latencia y la carga sobre el servidor IPA si "
"hay muchas peticiones de acceso de usuario hechas en un corto período."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_server_mode (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option will be set by the IPA installer (ipa-server-install) "
"automatically and denotes if SSSD is running on an IPA server or not."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"On an IPA server SSSD will lookup users and groups from trusted domains "
"directly while on a client it will ask an IPA server."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: There are currently some assumptions that must be met when SSSD is "
"running on an IPA server."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
"The <quote>ipa_server</quote> option must be configured to point to the IPA "
"server itself. This is already the default set by the IPA installer, so no "
"manual change is required."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
"The <quote>full_name_format</quote> option must not be tweaked to only print "
"short names for users from trusted domains."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ipa_automount_location (string)"
msgstr "ipa_automount_location (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "The automounter location this IPA client will be using"
msgstr "La localización del automontador de este cliente IPA que será usada"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: The location named \"default\""
msgstr "Por defecto: La localización llamada “default”"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "VIEWS AND OVERRIDES"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "ipa_view_class (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Objectclass of the view container."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: nsContainer"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "ipa_view_name (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Name of the attribute holding the name of the view."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "ipa_override_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Objectclass of the override objects."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipaOverrideAnchor"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "ipa_anchor_uuid (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Name of the attribute containing the reference to the original object in a "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipaAnchorUUID"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "ipa_user_override_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Name of the objectclass for user overrides. It is used to determine if the "
"found override object is related to a user or a group."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "User overrides can contain attributes given by"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgid "ldap_user_uid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgid "ldap_user_gid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgid "ldap_user_home_directory"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgid "ldap_user_ssh_public_key"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipaUserOverride"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "ipa_group_override_object_class (string)"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Name of the objectclass for group overrides. It is used to determine if the "
"found override object is related to a user or a group."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Group overrides can contain attributes given by"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgid "ldap_group_gid_number"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Default: ipaGroupOverride"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"SSSD can handle views and overrides which are offered by FreeIPA 4.1 and "
"later version. Since all paths and objectclasses are fixed on the server "
"side there is basically no need to configure anything. For completeness the "
"related options are listed here with their default values. <placeholder "
"type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "SUBDOMAINS PROVIDER"
msgstr "PROVEEDOR DE SUBDOMINIOS"
#. type: Content of: <reference><refentry><refsect1><para>
"The IPA subdomains provider behaves slightly differently if it is configured "
"explicitly or implicitly."
"El proveedor de subdominios IPA se comporta de forma ligeramente diferente "
"si está configurado explícitamente o implícitamente."
#. type: Content of: <reference><refentry><refsect1><para>
"If the option 'subdomains_provider = ipa' is found in the domain section of "
"
sssd.conf, the IPA subdomains provider is configured explicitly, and all "
"subdomain requests are sent to the IPA server if necessary."
"Si la opción ' subdomains_provider = ipa' se encuentra en la sección de "
"dominio de
sssd.conf, el proveedor de subdominios de IPA se configura "
"explícitamente, y todas las peticiones de subdominio se envían al servidor "
"de IPA si es necesario."
#. type: Content of: <reference><refentry><refsect1><para>
"If the option 'subdomains_provider' is not set in the domain section of sssd."
"conf but there is the option 'id_provider = ipa', the IPA subdomains "
"provider is configured implicitly. In this case, if a subdomain request "
"fails and indicates that the server does not support subdomains,
i.e. is not "
"configured for trusts, the IPA subdomains provider is disabled. After an "
"hour or after the IPA provider goes online, the subdomains provider is "
#. type: Content of: <reference><refentry><refsect1><para>
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This examples shows only the ipa provider-specific options."
"El siguiente ejemplo asume que SSSD está correctamente configurado y example."
"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. "
"Este ejemplo muestra sólo las opciones específicas del proveedor ipa."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD Active Directory provider"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the configuration of the AD provider for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
"Esta página de manual describe la configuración del proveedor AD para "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. Para una referencia detallada de sintaxis, vea la sección "
"<quote>FILE FORMAT</quote> de la página de manual <citerefentry> "
"<refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</manvolnum> </"
#. type: Content of: <reference><refentry><refsect1><para>
"The AD provider is a back end used to connect to an Active Directory server. "
"This provider requires that the machine be joined to the AD domain and a "
"keytab is available. Back end communication occurs over a GSSAPI-encrypted "
"channel,
SSL/TLS options should not be used with the AD provider and will be "
"superseded by Kerberos usage."
#. type: Content of: <reference><refentry><refsect1><para>
"The AD provider supports connecting to Active Directory 2008 R2 or later. "
"Earlier versions may work, but are unsupported."
"El proveedor AD soporta la conexión a Active Directory 2008 R2 o "
"posteriores. Las versiones anteriores pueden trabajar, pero no está "
#. type: Content of: <reference><refentry><refsect1><para>
"The AD provider can be used to get user information and authenticate users "
"from trusted domains. Currently only trusted domains in the same forest are "
"recognized. In addition servers from trusted domains are always auto-"
#. type: Content of: <reference><refentry><refsect1><para>
"The AD provider enables SSSD to use the <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> identity "
"provider and the <citerefentry> <refentrytitle>sssd-krb5</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> authentication provider with "
"optimizations for Active Directory environments. The AD provider accepts the "
"same options used by the sssd-ldap and sssd-krb5 providers with some "
"exceptions. However, it is neither necessary nor recommended to set these "
#. type: Content of: <reference><refentry><refsect1><para>
"The AD provider primarily copies the traditional ldap and krb5 provider "
"default options with some exceptions, the differences are listed in the "
"<quote>MODIFIED DEFAULT OPTIONS</quote> section."
#. type: Content of: <reference><refentry><refsect1><para>
"The AD provider can also be used as an access, chpass, sudo and autofs "
"provider. No configuration of the access provider is required on the client "
#. type: Content of: <reference><refentry><refsect1><para>
"If <quote>auth_provider=ad</quote> or <quote>access_provider=ad</quote> is "
"configured in
sssd.conf then the id_provider must also be set to <quote>ad</"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"ldap_id_mapping = False\n"
"ldap_id_mapping = False\n"
#. type: Content of: <reference><refentry><refsect1><para>
"By default, the AD provider will map UID and GID values from the objectSID "
"parameter in Active Directory. For details on this, see the <quote>ID "
"MAPPING</quote> section below. If you want to disable ID mapping and instead "
"rely on POSIX attributes defined in Active Directory, you should set "
"<placeholder type=\"programlisting\" id=\"0\"/> If POSIX attributes should "
"be used, it is recommended for performance reasons that the attributes are "
"also replicated to the Global Catalog. If POSIX attributes are replicated, "
"SSSD will attempt to locate the domain of a requested numerical ID with the "
"help of the Global Catalog and only search that domain. In contrast, if "
"POSIX attributes are not replicated to the Global Catalog, SSSD must search "
"all the domains in the forest sequentially. Please note that the "
"<quote>cache_first</quote> option might be also helpful in speeding up "
#. type: Content of: <reference><refentry><refsect1><para>
"Users, groups and other entities served by SSSD are always treated as case-"
"insensitive in the AD provider for compatibility with Active Directory's "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_domain (string)"
msgstr "ad_domain (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the name of the Active Directory domain. This is optional. If not "
"provided, the configuration domain name is used."
"Especifica el nombre del dominio Active Directory. Esto es opcional. Si no "
"se suministra, se usa la configuración del nombre de dominio."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For proper operation, this option should be specified as the lower-case "
"version of the long version of the Active Directory domain."
"Para una operativa apropiada, esta opción sería especificada en la versión "
"minúscula de la versión larga del dominio Active Directory."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The short domain name (also known as the NetBIOS or the flat name) is "
"autodetected by the SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_enabled_domains (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A comma-separated list of enabled Active Directory domains. If provided, "
"SSSD will ignore any domains not listed in this option. If left unset, all "
"domains from the AD forest will be available."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For proper operation, this option must be specified in all lower-case and as "
"the fully qualified domain name of the Active Directory domain. For example: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The short domain name (also known as the NetBIOS or the flat name) will be "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_server, ad_backup_server (string)"
msgstr "ad_server, ad_backup_server (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The comma-separated list of hostnames of the AD servers to which SSSD should "
"connect in order of preference. For more information on failover and server "
"redundancy, see the <quote>FAILOVER</quote> section."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This is optional if autodiscovery is enabled. For more information on "
"service discovery, refer to the <quote>SERVICE DISCOVERY</quote> section."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: Trusted domains will always auto-discover servers even if the primary "
"server is explicitly defined in the ad_server option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_hostname (string)"
msgstr "ad_hostname (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Optional. May be set on machines where the hostname(5) does not reflect the "
"fully qualified name used in the Active Directory domain to identify this "
"Opcional. Puede ser fijada en máquinas donde el hostname(5) no refleja el "
"nombre totalmente cualificado usaro en el dominio Active Directory para "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This field is used to determine the host principal in use in the keytab. It "
"must match the hostname for which the keytab was issued."
"Este campo se usa para determinar el host principal en uso en la keytab. "
"Debe coincidir con el nombre del host desde que se envío la keytab."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_enable_dns_sites (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If true and service discovery (see Service Discovery paragraph at the bottom "
"of the man page) is enabled, the SSSD will first attempt to discover the "
"Active Directory server to connect to using the Active Directory Site "
"Discovery and fall back to the DNS SRV records if no AD site is found. The "
"DNS SRV configuration, including the discovery domain, is used during site "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_access_filter (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option specifies LDAP access control filter that the user must match in "
"order to be allowed access. Please note that the <quote>access_provider</"
"quote> option must be explicitly set to <quote>ad</quote> in order for this "
"option to have an effect."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The option also supports specifying different filters per domain or forest. "
"This extended filter would consist of: <quote>KEYWORD:NAME:FILTER</quote>. "
"The keyword can be either <quote>DOM</quote>, <quote>FOREST</quote> or "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If the keyword equals to <quote>DOM</quote> or is missing, then <quote>NAME</"
"quote> specifies the domain or subdomain the filter applies to. If the "
"keyword equals to <quote>FOREST</quote>, then the filter equals to all "
"domains from the forest specified by <quote>NAME</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Multiple filters can be separated with the <quote>?</quote> character, "
"similarly to how search bases work."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Nested group membership must be searched for using a special OID "
"<quote>:1.2.840.113556.1.4.1941:</quote> in addition to the full DOM:domain."
"
example.org: syntax to ensure the parser does not attempt to interpret the "
"colon characters associated with the OID. If you do not use this OID then "
"nested group membership will not be resolved. See usage example below and "
"refer here for further information about the OID: <ulink url=\"
https://msdn."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The most specific match is always used. For example, if the option specified "
"filter for a domain the user is a member of and a global filter, the per-"
"domain filter would be applied. If there are more matches with the same "
"specification, the first one is used."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><programlisting>
"# apply filter on domain called dom1 only:\n"
"dom1:(memberOf=cn=admins,ou=groups,dc=dom1,dc=com)\n"
"# apply filter on domain called dom2 only:\n"
"DOM:dom2:(memberOf=cn=admins,ou=groups,dc=dom2,dc=com)\n"
"FOREST:
EXAMPLE.COM:(memberOf=cn=admins,ou=groups,dc=example,dc=com)\n"
"# apply filter for a member of a nested group in dom1:\n"
"DOM:dom1:(memberOf:1.2.840.113556.1.4.1941:=cn=nestedgroup,ou=groups,dc=example,dc=com)\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specify AD site to which client should try to connect. If this option is "
"not provided, the AD site will be auto-discovered."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_enable_gc (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"By default, the SSSD connects to the Global Catalog first to retrieve users "
"from trusted domains and uses the LDAP port to retrieve group memberships or "
"as a fallback. Disabling this option makes the SSSD only connect to the LDAP "
"port of the current AD server."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Please note that disabling Global Catalog support does not disable "
"retrieving users from trusted domains. The SSSD would connect to the LDAP "
"port of trusted domains instead. However, Global Catalog must be used in "
"order to resolve cross-domain group memberships."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_access_control (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option specifies the operation mode for GPO-based access control "
"functionality: whether it operates in disabled mode, enforcing mode, or "
"permissive mode. Please note that the <quote>access_provider</quote> option "
"must be explicitly set to <quote>ad</quote> in order for this option to have "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"GPO-based access control functionality uses GPO policy settings to determine "
"whether or not a particular user is allowed to logon to a particular host."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: The current version of SSSD does not support host (computer) entries "
"in the GPO 'Security Filtering' list. Only user and group entries are "
"supported. Host entries in the list have no effect."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: If the operation mode is set to enforcing, it is possible that users "
"that were previously allowed logon access will now be denied logon access "
"(as dictated by the GPO policy settings). In order to facilitate a smooth "
"transition for administrators, a permissive mode is available that will not "
"enforce the access control rules, but will evaluate them and will output a "
"syslog message if access would have been denied. By examining the logs, "
"administrators can then make the necessary changes before setting the mode "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "There are three supported values for this option:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
"disabled: GPO-based access control rules are neither evaluated nor enforced."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgid "enforcing: GPO-based access control rules are evaluated and enforced."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
"permissive: GPO-based access control rules are evaluated, but not enforced. "
"Instead, a syslog message will be emitted indicating that the user would "
"have been denied access if this option's value were set to enforcing."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: permissive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: enforcing"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_cache_timeout (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The amount of time between lookups of GPO policy files against the AD "
"server. This will reduce the latency and load on the AD server if there are "
"many access-control requests made in a short period."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_map_interactive (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the InteractiveLogonRight and "
"DenyInteractiveLogonRight policy settings."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on locally\" and \"Deny log on locally\"."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"ad_gpo_map_interactive = +my_pam_service, -login\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for this logon right (
e.g. "
"<quote>login</quote>) with a custom pam service name (
e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: the default set of PAM service names includes:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_map_remote_interactive (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the RemoteInteractiveLogonRight and "
"DenyRemoteInteractiveLogonRight policy settings."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on through Remote Desktop Services\" and \"Deny log on through Remote "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"ad_gpo_map_remote_interactive = +my_pam_service, -sshd\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for this logon right (
e.g. "
"<quote>sshd</quote>) with a custom pam service name (
e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_map_network (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the NetworkLogonRight and "
"DenyNetworkLogonRight policy settings."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: Using the Group Policy Management Editor this value is called \"Access "
"this computer from the network\" and \"Deny access to this computer from the "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"ad_gpo_map_network = +my_pam_service, -ftp\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for this logon right (
e.g. "
"<quote>ftp</quote>) with a custom pam service name (
e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_map_batch (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the BatchLogonRight and DenyBatchLogonRight "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a batch job\" and \"Deny log on as a batch job\"."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"ad_gpo_map_batch = +my_pam_service, -crond\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for this logon right (
e.g. "
"<quote>crond</quote>) with a custom pam service name (
e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_map_service (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A comma-separated list of PAM service names for which GPO-based access "
"control is evaluated based on the ServiceLogonRight and "
"DenyServiceLogonRight policy settings."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Note: Using the Group Policy Management Editor this value is called \"Allow "
"log on as a service\" and \"Deny log on as a service\"."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"ad_gpo_map_service = +my_pam_service\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"It is possible to add a PAM service name to the default set by using <quote>"
"+service_name</quote>. Since the default set is empty, it is not possible "
"to remove a PAM service name from the default set. For example, in order to "
"add a custom pam service name (
e.g. <quote>my_pam_service</quote>), you "
"would use the following configuration: <placeholder type=\"programlisting\" "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_map_permit (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A comma-separated list of PAM service names for which GPO-based access is "
"always granted, regardless of any GPO Logon Rights."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"ad_gpo_map_permit = +my_pam_service, -sudo\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"It is possible to add another PAM service name to the default set by using "
"<quote>+service_name</quote> or to explicitly remove a PAM service name from "
"the default set by using <quote>-service_name</quote>. For example, in "
"order to replace a default PAM service name for unconditionally permitted "
"access (
e.g. <quote>sudo</quote>) with a custom pam service name (
e.g. "
"<quote>my_pam_service</quote>), you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_map_deny (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"A comma-separated list of PAM service names for which GPO-based access is "
"always denied, regardless of any GPO Logon Rights."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"ad_gpo_map_deny = +my_pam_service\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_gpo_default_right (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option defines how access control is evaluated for PAM service names "
"that are not explicitly listed in one of the ad_gpo_map_* options. This "
"option can be set in two different manners. First, this option can be set to "
"use a default logon right. For example, if this option is set to "
"'interactive', it means that unmapped PAM service names will be processed "
"based on the InteractiveLogonRight and DenyInteractiveLogonRight policy "
"settings. Alternatively, this option can be set to either always permit or "
"always deny access for unmapped PAM service names."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Supported values for this option include:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
msgid "remote_interactive"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_maximum_machine_account_password_age (integer)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"SSSD will check once a day if the machine account password is older than the "
"given age in days and try to renew it. A value of 0 will disable the renewal "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "ad_machine_account_password_renewal_opts (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"This option should only be used to test the machine account renewal task. "
"The option expects 2 integers separated by a colon (':'). The first integer "
"defines the interval in seconds how often the task is run. The second "
"specifies the initial timeout in seconds before the task is run for the "
"first time after startup."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 86400:750 (24h and 15m)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Optional. This option tells SSSD to automatically update the Active "
"Directory DNS server with the IP address of this client. The update is "
"secured using GSS-TSIG. As a consequence, the Active Directory administrator "
"only needs to allow secure updates for the DNS zone. The IP address of the "
"AD LDAP connection is used for the updates, if it is not otherwise specified "
"by using the <quote>dyndns_iface</quote> option."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: 3600 (seconds)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: Use the IP addresses of the interface which is used for AD LDAP "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"How often should the back end perform periodic DNS update in addition to the "
"automatic update performed when the back end goes online. This option is "
"optional and applicable only when dyndns_update is true. Note that the "
"lowest possible value is 60 seconds in-case if value is provided less than "
"60, parameter will assume lowest value only."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: True"
#. type: Content of: <reference><refentry><refsect1><para>
"The following example assumes that SSSD is correctly configured and example."
"com is one of the domains in the <replaceable>[sssd]</replaceable> section. "
"This example shows only the AD provider-specific options."
"El siguiente ejemplo asume que SSSD está correctamente configurado y example."
"com es uno de los dominios en la sección <replaceable>[sssd]</replaceable>. "
"Este ejemplo muestra sólo las opciones específicas del proveedor AD."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"access_provider = ldap\n"
"ldap_access_order = expire\n"
"ldap_account_expire_policy = ad\n"
"access_provider = ldap\n"
"ldap_access_order = expire\n"
"ldap_account_expire_policy = ad\n"
#. type: Content of: <reference><refentry><refsect1><para>
"The AD access control provider checks if the account is expired. It has the "
"same effect as the following configuration of the LDAP provider: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
"El proveedor de control de acceso AD comprueba si la cuenta está expirada. "
"Tiene el mismo efecto que la siguiente configuración del proveedor LDAP: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
"However, unless the <quote>ad</quote> access control provider is explicitly "
"configured, the default access provider is <quote>permit</quote>. Please "
"note that if you configure an access provider other than <quote>ad</quote>, "
"you need to set all the connection parameters (such as LDAP URIs and "
"encryption details) manually."
#. type: Content of: <reference><refentry><refsect1><para>
"When the autofs provider is set to <quote>ad</quote>, the RFC2307 schema "
"attribute mapping (nisMap, nisObject, ...) is used, because these attributes "
"are included in the default Active Directory schema."
#. type: Content of: <reference><refentry><refmeta><refentrytitle>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "Configuring sudo with the SSSD back end"
msgstr "Configuración de sudo con el motor de SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes how to configure <citerefentry> "
"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
"to work with <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> and how SSSD caches sudo rules."
"Esta página de manual describe como configurar <citerefentry> "
"<refentrytitle>sudo</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
"para trabajar con <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> y como SSSD esconde reglas sudo."
#. type: Content of: <reference><refentry><refsect1><title>
msgid "Configuring sudo to cooperate with SSSD"
msgstr "Configurando sudo para cooperar con SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
"To enable SSSD as a source for sudo rules, add <emphasis>sss</emphasis> to "
"the <emphasis>sudoers</emphasis> entry in <citerefentry> "
"<refentrytitle>
nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
"Para habilitar SSSD como una fuente de reglas sudo, añada <emphasis>sss</"
"emphasis> a la entrada <emphasis>sudoers</emphasis> en <citerefentry> "
"<refentrytitle>
nsswitch.conf</refentrytitle> <manvolnum>5</manvolnum> </"
#. type: Content of: <reference><refentry><refsect1><para>
"For example, to configure sudo to first lookup rules in the standard "
"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> file (which should contain rules that apply to "
"local users) and then in SSSD, the
nsswitch.conf file should contain the "
"Por ejemplo, para configurar sudo para primero buscar reglas en el fichero "
"<citerefentry> <refentrytitle>sudoers</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> estándar (que contendría reglas para aplicar al "
"usuario local) y después en SSSD, el fichero
nsswitch.conf contiene la "
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
msgid "sudoers: files sss\n"
msgstr "sudoers: files sss\n"
#. type: Content of: <reference><refentry><refsect1><para>
"More information about configuring the sudoers search order from the "
"
nsswitch.conf file as well as information about the LDAP schema that is used "
"to store sudo rules in the directory can be found in <citerefentry> "
"<refentrytitle>
sudoers.ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"Más información sobre la configuración del orden de búsqueda de sudoers "
"desde el fichero
nsswuitch.conf así información sobre el esquema LDAP que se "
"usa para almacenar reglas sudo en el directorio se puede encontrar en "
"<citerefentry> <refentrytitle>
sudoers.ldap</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
"<emphasis>Note</emphasis>: in order to use netgroups or IPA hostgroups in "
"sudo rules, you also need to correctly set <citerefentry> "
"<refentrytitle>nisdomainname</refentrytitle> <manvolnum>1</manvolnum> </"
"citerefentry> to your NIS domain name (which equals to IPA domain name when "
#. type: Content of: <reference><refentry><refsect1><title>
msgid "Configuring SSSD to fetch sudo rules"
msgstr "Configurando SSSD para ir a buscar reglas sudo"
#. type: Content of: <reference><refentry><refsect1><para>
"All configuration that is needed on SSSD side is to extend the list of "
"<emphasis>services</emphasis> with \"sudo\" in [sssd] section of "
"<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>. To speed up the LDAP lookups, you can also set "
"search base for sudo rules using <emphasis>ldap_sudo_search_base</emphasis> "
#. type: Content of: <reference><refentry><refsect1><para>
"The following example shows how to configure SSSD to download sudo rules "
"El siguiente ejemplo muestra como configurar SSSD para descargar reglas sudo "
"desde un servidor LDAP."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"config_file_version = 2\n"
"services = nss, pam, sudo\n"
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
"config_file_version = 2\n"
"services = nss, pam, sudo\n"
"ldap_sudo_search_base = ou=sudoers,dc=example,dc=com\n"
#. type: Content of: <reference><refentry><refsect1><para>
"<placeholder type=\"programlisting\" id=\"0\"/> <phrase condition="
"\"have_systemd\"> It's important to note that on platforms where systemd is "
"supported there's no need to add the \"sudo\" provider to the list of "
#. type: Content of: <reference><refentry><refsect1><para>
"When SSSD is configured to use IPA as the ID provider, the sudo provider is "
"automatically enabled. The sudo search base is configured to use the IPA "
"native LDAP tree (cn=sudo,$SUFFIX). If any other search base is defined in "
"
sssd.conf, this value will be used instead. The compat tree (ou=sudoers,"
"$SUFFIX) is no longer required for IPA sudo functionality."
#. type: Content of: <reference><refentry><refsect1><title>
msgid "The SUDO rule caching mechanism"
msgstr "El mecanismo de almacenamiento en cache de regla SUDO"
#. type: Content of: <reference><refentry><refsect1><para>
"The biggest challenge, when developing sudo support in SSSD, was to ensure "
"that running sudo with SSSD as the data source provides the same user "
"experience and is as fast as sudo but keeps providing the most current set "
"of rules as possible. To satisfy these requirements, SSSD uses three kinds "
"of updates. They are referred to as full refresh, smart refresh and rules "
"El mayor desafío, cuando se desarrolla soporte sudo en SSSD, fue asegurar "
"que ejecutando sudo con SSSD como la fuente de datos suministre la misma "
"experiencia de usuario y sea tan rápido como sudo pero se mantenga "
"proporcionando el conjunto más actual de reglas como sea posible. Para "
"satisfacer estos requisitos, SSSD usa tres clases de actualizaciones. A "
"ellas nos referimos como refresco total, refresco inteligente y refresco de "
#. type: Content of: <reference><refentry><refsect1><para>
"The <emphasis>smart refresh</emphasis> periodically downloads rules that are "
"new or were modified after the last update. Its primary goal is to keep the "
"database growing by fetching only small increments that do not generate "
"large amounts of network traffic."
"El <emphasis>refresco inteligente</emphasis> periódicamente descarga reglas "
"que son nuevas o fueron modificadas desde la última actualización. Su "
"objetivo principal es mantener la base de datos creciendo mediante la "
"atracción de pequeños incrementos que no generen grandes cantidades de "
#. type: Content of: <reference><refentry><refsect1><para>
"The <emphasis>full refresh</emphasis> simply deletes all sudo rules stored "
"in the cache and replaces them with all rules that are stored on the server. "
"This is used to keep the cache consistent by removing every rule which was "
"deleted from the server. However, full refresh may produce a lot of traffic "
"and thus it should be run only occasionally depending on the size and "
"stability of the sudo rules."
"<emphasis>full refresh</emphasis> simplemente refresca todas las reglas sudo "
"almacenadas en el cache y las reemplaza con las reglas que están almacenadas "
"en el servidor. Esto se usa para mantener el cache consistente borrando cada "
"regla que fue borrada del servidor. Sin embargo, un refresco total puede "
"producir gran cantidad de tráfico y por lo tanto debería ser ejecutado sólo "
"ocasionalmente dependiendo del tamaño y de la estabilidad de las reglas sudo."
#. type: Content of: <reference><refentry><refsect1><para>
"The <emphasis>rules refresh</emphasis> ensures that we do not grant the user "
"more permission than defined. It is triggered each time the user runs sudo. "
"Rules refresh will find all rules that apply to this user, check their "
"expiration time and redownload them if expired. In the case that any of "
"these rules are missing on the server, the SSSD will do an out of band full "
"refresh because more rules (that apply to other users) may have been deleted."
"El <emphasis>refresco de reglas</emphasis> asegura que no concedamos más "
"permisos al usuario que los definidos. Se dispara cada vez que el usuario "
"ejecuta sudo. El refresco de reglas encontrará todas las reglas que se "
"apliquen a ese usuario, comprobará su tiempo de expiración y las recargará "
"si han expirado. En el caso de que alguna de esas reglas estén desaparecidas "
"del servidor, SSSD hará un refresco total fuera de banda puesto que más "
"reglas (que apliquen a otros usuarios) pueden haber sido borradas."
#. type: Content of: <reference><refentry><refsect1><para>
"If enabled, SSSD will store only rules that can be applied to this machine. "
"This means rules that contain one of the following values in "
"<emphasis>sudoHost</emphasis> attribute:"
"Si está habilitado, SSSD almacenará sólo las reglas que pueden ser aplicadas "
"a esa máquina. Esto indica reglas que contienen uno de los siguientes "
"valores en el atributo <emphasis>sudoHost</emphasis>:"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
msgid "netgroup (in the form \"+netgroup\")"
msgstr "netgroup (en la forma \"+netgroup\")"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
msgid "hostname or fully qualified domain name of this machine"
"nombre de host o nombre de dominio totalmente cualificado de esta máquina"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
msgid "one of the IP addresses of this machine"
msgstr "una de las direcciones IP de esta máquina"
#. type: Content of: <reference><refentry><refsect1><itemizedlist><listitem><para>
msgid "one of the IP addresses of the network (in the form \"
address/mask\")"
"una de las direcciones IP de la red (en la forma \"dirección/máscara\")"
#. type: Content of: <reference><refentry><refsect1><para>
"There are many configuration options that can be used to adjust the "
"behavior. Please refer to \"ldap_sudo_*\" in <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> and \"sudo_*\" in <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
"Hay muchas opciones de configuración que pueden ser usadas para ajustar el "
"comportamiento. Por favor vea \"ldap_sudo_*\" en <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> y \"sudo_*\" en <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "System Security Services Daemon"
msgstr "System Security Services Daemon"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
"<command>sssd</command> <arg choice='opt'> <replaceable>options</"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>SSSD</command> provides a set of daemons to manage access to remote "
"directories and authentication mechanisms. It provides an NSS and PAM "
"interface toward the system and a pluggable backend system to connect to "
"multiple different account sources as well as D-Bus interface. It is also "
"the basis to provide client auditing and policy services for projects like "
"FreeIPA. It provides a more robust database to store local users as well as "
"<command>SSSD</command> suministra un conjunto de demonios para gestionar el "
"acceso a directorios remotos y mecanismos de autenticación. Suministra una "
"interfaz NSS y PAM hacia el sistema y un sistema de parte trasera conectable "
"para conectar múltiples fuentes de cuentas diferentes así como interfaz D-"
"Bus. Es también la base para suministrar servicios de auditoría y política a "
"los clientes para proyectos como FreeIPA. Suministra una base de datos más "
"robusta para almacenar los usuarios locales así como datos de usuario "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-d</option>,<option>--debug-level</option> <replaceable>LEVEL</"
"<option>-d</option>,<option>--debug-level</option> <replaceable>NIVEL</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
"<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "<emphasis>0</emphasis>: Disable timestamp in the debug messages"
"<emphasis>0</emphasis>: Desactiva marca de tiempo en mensajes de depuración"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
msgstr "<option>--debug-microseconds=</option><replaceable>mode</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"<emphasis>1</emphasis>: Add microseconds to the timestamp in debug messages"
"<emphasis>1</emphasis>: Agregar microsegundos a la marca de tiempo en "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "<emphasis>0</emphasis>: Disable microseconds in timestamp"
msgstr "<emphasis>0</emphasis>: Desactiva microsegundos en marcas de tiempo"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-f</option>,<option>--debug-to-files</option>"
msgstr "<option>-f</option>,<option>--debug-to-files</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Send the debug output to files instead of stderr. By default, the log files "
"are stored in <filename>
/var/log/sssd</filename> and there are separate log "
"files for every SSSD service and domain."
"Envía la salida de depuración a ficheros en lugar de a stderr. Por defecto, "
"los ficheros de registro se almacenan en <filename>
/var/log/sssd</filename> "
"y hay ficheros de registro separados para cada servicio y dominio SSSD."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"This option is deprecated. It is replaced by <option>--logger=files</option>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#| msgid "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
msgid "<option>--logger=</option><replaceable>value</replaceable>"
msgstr "<option>--debug-timestamps=</option><replaceable>mode</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Location where SSSD will send log messages. This option overrides the value "
"of the deprecated option <option>--debug-to-files</option>. The deprecated "
"option will still work if the <option>--logger</option> is not used."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
"<emphasis>stderr</emphasis>: Redirect debug messages to standard error "
"<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#| "Send the debug output to files instead of stderr. By default, the log "
#| "files are stored in <filename>
/var/log/sssd</filename> and there are "
#| "separate log files for every SSSD service and domain."
"<emphasis>files</emphasis>: Redirect debug messages to the log files. By "
"default, the log files are stored in <filename>
/var/log/sssd</filename> and "
"there are separate log files for every SSSD service and domain."
"Envía la salida de depuración a ficheros en lugar de a stderr. Por defecto, "
"los ficheros de registro se almacenan en <filename>
/var/log/sssd</filename> "
"y hay ficheros de registro separados para cada servicio y dominio SSSD."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#| msgid "<emphasis>1</emphasis>: Add a timestamp to the debug messages"
"<emphasis>journald</emphasis>: Redirect debug messages to systemd-journald"
"<emphasis>1</emphasis>: Agregar marca de tiempo a mensajes de depuración "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-D</option>,<option>--daemon</option>"
msgstr "<option>-D</option>,<option>--daemon</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Become a daemon after starting up."
msgstr "Convertido en un demonio después de la puesta en marcha."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-i</option>,<option>--interactive</option>"
msgstr "<option>-i</option>,<option>--interactive</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Run in the foreground, don't become a daemon."
msgstr "Ejecutar en primer plano, no convertirse en un demonio."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-c</option>,<option>--config</option>"
msgstr "<option>-c</option>,<option>--config</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Specify a non-default config file. The default is <filename>
/etc/sssd/sssd."
"conf</filename>. For reference on the config file syntax and options, "
"consult the <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page."
"Especifica un fichero de configuración distinto al de por defecto. El por "
"las opciones y sintaxis del fichero de configuración, consulta la página de "
"manual <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>--version</option>"
msgstr "<option>--version</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Print version number and exit."
msgstr "Imprimir número de versión y salir."
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Informs the SSSD to gracefully terminate all of its child processes and then "
"Informa a SSSD para terminar graciosamente todos sus procesos hijos y "
"después para el monitor."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Tells the SSSD to stop writing to its current debug file descriptors and to "
"close and reopen them. This is meant to facilitate log rolling with programs "
"Le dice a SSSD que pare de escribir en su fichero descriptor de depuración "
"actual y cerrar y reabrirlo. Esto significa facilitar la circulación de "
"registro con programas como logrotate."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Tells the SSSD to simulate offline operation for the duration of the "
"<quote>offline_timeout</quote> parameter. This is useful for testing. The "
"signal can be sent to either the sssd process or any sssd_be process "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Tells the SSSD to go online immediately. This is useful for testing. The "
"signal can be sent to either the sssd process or any sssd_be process "
#. type: Content of: <reference><refentry><refsect1><para>
"If the environment variable SSS_NSS_USE_MEMCACHE is set to \"NO\", client "
"applications will not use the fast in memory cache."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "obfuscate a clear text password"
msgstr "oscurecer un password en texto claro"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>[PASSWORD]</"
"<command>sss_obfuscate</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>[CONTRASEÑA]</"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_obfuscate</command> converts a given password into human-"
"unreadable format and places it into appropriate domain section of the SSSD "
"<command>sss_obfuscate</command> convierte una contraseña dada en un formato "
"no legible y la sitúa en la sección apropiada del dominio del fichero de "
#. type: Content of: <reference><refentry><refsect1><para>
"The cleartext password is read from standard input or entered "
"interactively. The obfuscated password is put into "
"<quote>ldap_default_authtok</quote> parameter of a given SSSD domain and the "
"<quote>ldap_default_authtok_type</quote> parameter is set to "
"<quote>obfuscated_password</quote>. Refer to <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> for more details on these parameters."
"La contraseña en texto claro es leída desde la entrada estándar e "
"introducida interactivamente. La contraseña ofuscada se pone en el parámetro "
"<quote>ldap_default_authtok</quote> de un dominio SSSD dado y el parámetro "
"<quote>ldap_default_authtok_type</quote> se fija a "
"<quote>obfuscated_password</quote>. Vea <citerefentry> <refentrytitle>sssd-"
"ldap</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para más "
"detalles sobre estos parámetros."
#. type: Content of: <reference><refentry><refsect1><para>
"Please note that obfuscating the password provides <emphasis>no real "
"security benefit</emphasis> as it is still possible for an attacker to "
"reverse-engineer the password back. Using better authentication mechanisms "
"such as client side certificates or GSSAPI is <emphasis>strongly</emphasis> "
"Por favor advierta que oscurecer la contraseña <emphasis>no suministra un "
"beneficio real de seguridad</emphasis> y es posible para un atacante "
"mediante ingeniería inversa volver atrás la contraseña. Se recomienda "
"<emphasis>firmemente</emphasis> el uso de mejores mecanismos de "
"autenticación como certificados en el lado cliente o GSSAPI."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-s</option>,<option>--stdin</option>"
msgstr "<option>-s</option>,<option>--stdin</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "The password to obfuscate will be read from standard input."
msgstr "La contraseña a oscurecer será leída desde la entrada estándar."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-d</option>,<option>--domain</option> <replaceable>DOMAIN</"
"<option>-d</option>,<option>--domain</option> <replaceable>DOMINIO</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The SSSD domain to use the password in. The default name is <quote>default</"
"El dominio SSSD en el que usar la contraseña. El nombre por defecto es "
"<quote>default</quote>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-f</option>,<option>--file</option> <replaceable>FILE</replaceable>"
"<option>-f</option>,<option>--file</option> <replaceable>ARCHIVO</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Read the config file specified by the positional parameter."
"Lee el fichero de configuración especificado por el parámetro posicional."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "create local overrides of user and group attributes"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_override</command> <arg choice='plain'><replaceable>COMMAND</"
"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_override</command> enables to create a client-side view and "
"allows to change selected values of specific user and groups. This change "
"takes effect only on local machine."
#. type: Content of: <reference><refentry><refsect1><para>
"Overrides data are stored in the SSSD cache. If the cache is deleted, all "
"local overrides are lost. Please note that after the first override is "
"created using any of the following <emphasis>user-add</emphasis>, "
"<emphasis>group-add</emphasis>, <emphasis>user-import</emphasis> or "
"<emphasis>group-import</emphasis> command. SSSD needs to be restarted to "
"take effect. <emphasis>sss_override</emphasis> prints message when a "
#. type: Content of: <reference><refentry><refsect1><title>
msgid "AVAILABLE COMMANDS"
#. type: Content of: <reference><refentry><refsect1><para>
"Argument <emphasis>NAME</emphasis> is the name of original object in all "
"commands. It is not possible to override <emphasis>uid</emphasis> or "
"<emphasis>gid</emphasis> to 0."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>user-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-u,--uid</option> UID</"
"optional> <optional><option>-g,--gid</option> GID</optional> "
"<optional><option>-h,--home</option> HOME</optional> <optional><option>-s,--"
"shell</option> SHELL</optional> <optional><option>-c,--gecos</option> GECOS</"
"optional> <optional><option>-x,--certificate</option> BASE64 ENCODED "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Override attributes of an user. Please be aware that calling this command "
"will replace any previous override for the (NAMEd) user."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>user-del</option> <emphasis>NAME</emphasis>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Remove user overrides. However be aware that overridden attributes might be "
"returned from memory cache. Please see SSSD option "
"<emphasis>memcache_timeout</emphasis> for more details."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>user-find</option> <optional><option>-d,--domain</option> DOMAIN</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"List all users with set overrides. If <emphasis>DOMAIN</emphasis> parameter "
"is set, only users from the domain are listed."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>user-show</option> <emphasis>NAME</emphasis>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Show user overrides."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>user-import</option> <emphasis>FILE</emphasis>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Import user overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard passwd file. The format is:"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "original_name:name:uid:gid:gecos:home:shell:base64_encoded_certificate"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"where original_name is original name of the user whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
"value simply by leaving corresponding field empty."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "ckent:superman::::::"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>user-export</option> <emphasis>FILE</emphasis>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>user-import</emphasis> for data format."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>group-add</option> <emphasis>NAME</emphasis> <optional><option>-n,--"
"name</option> NAME</optional> <optional><option>-g,--gid</option> GID</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Override attributes of a group. Please be aware that calling this command "
"will replace any previous override for the (NAMEd) group."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>group-del</option> <emphasis>NAME</emphasis>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Remove group overrides. However be aware that overridden attributes might be "
"returned from memory cache. Please see SSSD option "
"<emphasis>memcache_timeout</emphasis> for more details."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>group-find</option> <optional><option>-d,--domain</option> DOMAIN</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"List all groups with set overrides. If <emphasis>DOMAIN</emphasis> "
"parameter is set, only groups from the domain are listed."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>group-show</option> <emphasis>NAME</emphasis>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Show group overrides."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>group-import</option> <emphasis>FILE</emphasis>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Import group overrides from <emphasis>FILE</emphasis>. Data format is "
"similar to standard group file. The format is:"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "original_name:name:gid"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"where original_name is original name of the group whose attributes should be "
"overridden. The rest of fields correspond to new values. You can omit a "
"value simply by leaving corresponding field empty."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "admins:administrators:"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Domain Users:Users:501"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>group-export</option> <emphasis>FILE</emphasis>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Export all overridden attributes and store them in <emphasis>FILE</"
"emphasis>. See <emphasis>group-import</emphasis> for data format."
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
msgid "Those options are available with all commands."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>--debug</option> <replaceable>LEVEL</replaceable>"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "create a new user"
msgstr "Crea un nuevo usuario"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"<command>sss_useradd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_useradd</command> creates a new user account using the values "
"specified on the command line plus the default values from the system."
"<command>sss_useradd</command> crea una nueva cuenta de usuario usando los "
"valores especificados en la línea de comandos más los valores por defecto "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
"<option>-u</option>,<option>--uid</option> <replaceable>UID</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Set the UID of the user to the value of <replaceable>UID</replaceable>. If "
"not given, it is chosen automatically."
"Fija la UID del usuario al valor de <replaceable>UID</replaceable>. Si no se "
"da, se elige automáticamente."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-c</option>,<option>--gecos</option> <replaceable>COMMENT</"
"<option>-c</option>,<option>--gecos</option> <replaceable>COMENTARIO</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Any text string describing the user. Often used as the field for the user's "
"Cualquier cadena de texto describiendo al usuario. Frecuentemente se usa "
"como el campo para el nombre completo del usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
"<option>-h</option>,<option>--home</option> <replaceable>HOME_DIR</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The home directory of the user account. The default is to append the "
"<replaceable>LOGIN</replaceable> name to <filename>/home</filename> and use "
"that as the home directory. The base that is prepended before "
"<replaceable>LOGIN</replaceable> is tunable with <quote>user_defaults/"
"El directorio home de la cuenta de usuario. Por defecto se añade el nombre "
"<replaceable>LOGIN</replaceable> a <filename>/home</filename> y utiliza esto "
"como directorio home. La base de que se antepondrá antes <replaceable>LOGIN</"
"replaceable> es sintonizable con el ajuste <quote>user_defaults/"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
"<option>-s</option>,<option>--shell</option> <replaceable>SHELL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The user's login shell. The default is currently <filename>
/bin/bash</"
"filename>. The default can be changed with <quote>user_defaults/"
"La shell de acceso del usuario. Por defecto es actualmente <filename>/bin/"
"bash</filename>. El valor por defecto puede ser cambiado con el ajuste "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-G</option>,<option>--groups</option> <replaceable>GROUPS</"
"<option>-G</option>,<option>--groups</option> <replaceable>GRUPOS</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "A list of existing groups this user is also a member of."
"Una lista de grupos existentes de los que el usuario también es miembro."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-m</option>,<option>--create-home</option>"
msgstr "<option>-m</option>,<option>--create-home</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Create the user's home directory if it does not exist. The files and "
"directories contained in the skeleton directory (which can be defined with "
"the -k option or in the config file) will be copied to the home directory."
"Crea el directorio home del usuario si no existe. Los ficheros y directorios "
"contenidos en el directorio esqueleto (que pueden ser definidos con la "
"opción –k o en el fichero de configuración) serán copiados en el directorio "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-M</option>,<option>--no-create-home</option>"
msgstr "<option>-M</option>,<option>--no-create-home</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Do not create the user's home directory. Overrides configuration settings."
"No se crear el directorio principal del usuario. Reemplaza los valores de "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
"<option>-k</option>,<option>--skel</option> <replaceable>SKELDIR</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The skeleton directory, which contains files and directories to be copied in "
"the user's home directory, when the home directory is created by "
"<command>sss_useradd</command>."
"El directorio esqueleto, que contiene ficheros y directorios a copiar en el "
"directorio home del usuario, cuando el directorio home es creado por "
"<command>sss_useradd</command>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Special files (block devices, character devices, named pipes and unix "
"sockets) will not be copied."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"This option is only valid if the <option>-m</option> (or <option>--create-"
"home</option>) option is specified, or creation of home directories is set "
"to TRUE in the configuration."
"Esta opción sólo es válida si se ha especificado la opción <option>-m</"
"option> (o <option>--create-home</option>), o la creación de directorios "
"home está fijada a TRUE en la configuración."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-Z</option>,<option>--selinux-user</option> "
"<replaceable>SELINUX_USER</replaceable>"
"<option>-Z</option>,<option>--selinux-user</option> "
"<replaceable>SELINUX_USER</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The SELinux user for the user's login. If not specified, the system default "
"El usuario SELinux para el acceso de usuario. Si no se especifica, se usará "
"el valor por defecto del sistema."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD Kerberos provider"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the configuration of the Kerberos 5 "
"authentication backend for <citerefentry> <refentrytitle>sssd</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>. For a detailed "
"syntax reference, please refer to the <quote>FILE FORMAT</quote> section of "
"the <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page."
"Esta página de manual describe la configuración del motor de autenticación "
"de Kerberos 5 para <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de "
"la sintaxis, por favor vea la sección <quote>FORMATO DE ARCHIVO</quote> de "
"la página de manual de <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
"The Kerberos 5 authentication backend contains auth and chpass providers. It "
"must be paired with an identity provider in order to function properly (for "
"example, id_provider = ldap). Some information required by the Kerberos 5 "
"authentication backend must be provided by the identity provider, such as "
"the user's Kerberos Principal Name (UPN). The configuration of the identity "
"provider should have an entry to specify the UPN. Please refer to the man "
"page for the applicable identity provider for details on how to configure "
"El motor de autenticaciónd e Kerberos 5 contiene proveedores auth y chpass. "
"Debe ir junto con un proveedor de identidad para que funcione adecuadamente "
"(por ejemplo, id_provider = ldap). Algo de información requerida por el "
"motor de autenticación de Kerberos 5 debe ser provista por el proveedor de "
"identidad, tal como el Nombre Principal del usuario de Kerberos (NPU). La "
"configuración del proveedor de identidad debe tener una entrada específica "
"para el NPU. Por favor, vea la página del manual para el proveedor de "
"identidad aplicable, para más detalles sobre cómo configurar esto."
#. type: Content of: <reference><refentry><refsect1><para>
"This backend also provides access control based on the .k5login file in the "
"home directory of the user. See <citerefentry> <refentrytitle>.k5login</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry> for more details. "
"Please note that an empty .k5login file will deny all access to this user. "
"To activate this feature, use 'access_provider = krb5' in your SSSD "
"Este motor también provee control de acceso basado en el archivo .k5login en "
"el directorio de inicio del usuario. Vea <citerefentry> <refentrytitle>."
"k5login</refentrytitle><manvolnum>5</manvolnum> </citerefentry> para más "
"detalles. Por favor, observe que un archivo .k5login vacío negará todo el "
"acceso a este usaurio. Para activar esta característica, use "
"'access_provider = krb5' en su configuración de SSSD."
#. type: Content of: <reference><refentry><refsect1><para>
"In the case where the UPN is not available in the identity backend, "
"<command>sssd</command> will construct a UPN using the format "
"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
"En el caso de que el NPU no esté disponible en el motor de identidad, "
"<command>sssd</command> construirá un NPU usando el formato "
"<replaceable>username</replaceable>@<replaceable>krb5_realm</replaceable>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies the comma-separated list of IP addresses or hostnames of the "
"Kerberos servers to which SSSD should connect, in the order of preference. "
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. An optional port number (preceded by a "
"colon) may be appended to the addresses or hostnames. If empty, service "
"discovery is enabled; for more information, refer to the <quote>SERVICE "
"DISCOVERY</quote> section."
"Especifica una lista separada por comas de direcciones IP o nombres de host "
"de los servidores Kerberos a los cuales se conectaría SSSD en orden de "
"preferencia. Para más información sobre failover y redundancia de servidor, "
"vea la sección <quote>FAILOVER</quote>. Un número de puerto opcional "
"(precedido de dos puntos) puede ser añadido a las direcciones o nombres de "
"host. Si está vacío, el servicio descubridor está habilitado; para más "
"información, vea la sección <quote>SERVICE DISCOVERY</quote>."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The name of the Kerberos realm. This option is required and must be "
"El nombre del reino Kerberos. Esta opción se requiere y debe ser "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_kpasswd, krb5_backup_kpasswd (string)"
msgstr "krb5_kpasswd, krb5_backup_kpasswd (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"If the change password service is not running on the KDC, alternative "
"servers can be defined here. An optional port number (preceded by a colon) "
"may be appended to the addresses or hostnames."
"Si el servicio de cambio de contraseña no está corriendo en el KDC, se "
"pueden definir aquí servidores alternativos. Un número de puerto opcional "
"(precedido de dos puntos) debe ser añadido a las direcciones o nombres de "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"For more information on failover and server redundancy, see the "
"<quote>FAILOVER</quote> section. NOTE: Even if there are no more kpasswd "
"servers to try, the backend is not switched to operate offline if "
"authentication against the KDC is still possible."
"Para más información sobre recuperación de fallos y redundancia de servidor, "
"consulte la sección de <quote>conmutación por error</quote>. Nota: incluso "
"si no hay más servidores kpasswd para intentar, y el punto final no está "
"conmutado para trabajar fuera de línea la autenticación contra el KDC es "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: Use the KDC"
msgstr "Predeterminado: Use the KDC"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_ccachedir (string)"
msgstr "krb5_ccachedir (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Directory to store credential caches. All the substitution sequences of "
"krb5_ccname_template can be used here, too, except %d and %P. The directory "
"is created as private and owned by the user, with permissions set to 0700."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgstr "Predeterminado: /tmp"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_ccname_template (string)"
msgstr "krb5_ccname_template (string)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgstr "nombre de acceso"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgstr "nombre principal"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "value of krb5_ccachedir"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "the process ID of the SSSD client"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Location of the user's credential cache. Three credential cache types are "
"currently supported: <quote>FILE</quote>, <quote>DIR</quote> and "
"<quote>KEYRING:persistent</quote>. The cache can be specified either as "
"<replaceable>TYPE:RESIDUAL</replaceable>, or as an absolute path, which "
"implies the <quote>FILE</quote> type. In the template, the following "
"sequences are substituted: <placeholder type=\"variablelist\" id=\"0\"/> If "
"the template ends with 'XXXXXX' mkstemp(3) is used to create a unique "
"filename in a safe way."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"When using KEYRING types, the only supported mechanism is <quote>KEYRING:"
"persistent:%U</quote>, which uses the Linux kernel keyring to store "
"credentials on a per-UID basis. This is also the recommended choice, as it "
"is the most secure and predictable method."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The default value for the credential cache name is sourced from the profile "
"stored in the system wide
krb5.conf configuration file in the [libdefaults] "
"section. The option name is default_ccache_name. See
krb5.conf(5)'s "
"PARAMETER EXPANSION paragraph for additional information on the expansion "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: Please be aware that libkrb5 ccache expansion template from "
"<citerefentry> <refentrytitle>
krb5.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> uses different expansion sequences than SSSD."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: (from libkrb5)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_auth_timeout (integer)"
msgstr "krb5_auth_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Timeout in seconds after an online authentication request or change password "
"request is aborted. If possible, the authentication request is continued "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_validate (boolean)"
msgstr "krb5_validate (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Verify with the help of krb5_keytab that the TGT obtained has not been "
"spoofed. The keytab is checked for entries sequentially, and the first entry "
"with a matching realm is used for validation. If no entry matches the realm, "
"the last entry in the keytab is used. This process can be used to validate "
"environments using cross-realm trust by placing the appropriate keytab entry "
"as the last entry or the only entry in the keytab file."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_keytab (string)"
msgstr "krb5_keytab (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The location of the keytab to use when validating credentials obtained from "
"La localización de la keytab a usar cuando son obtenidas credenciales "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_store_password_if_offline (boolean)"
msgstr "krb5_store_password_if_offline (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Store the password of the user if the provider is offline and use it to "
"request a TGT when the provider comes online again."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: this feature is only available on Linux. Passwords stored in this way "
"are kept in plaintext in the kernel keyring and are potentially accessible "
"by the root user (with difficulty)."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_renewable_lifetime (string)"
msgstr "krb5_renewable_lifetime (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Request a renewable ticket with a total lifetime, given as an integer "
"immediately followed by a time unit:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>s</emphasis> for seconds"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>m</emphasis> for minutes"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>h</emphasis> for hours"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "<emphasis>d</emphasis> for days."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "If there is no unit given, <emphasis>s</emphasis> is assumed."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: It is not possible to mix units. To set the renewable lifetime to one "
"and a half hours, use '90m' instead of '1h30m'."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: not set,
i.e. the TGT is not renewable"
msgstr "Por defecto: no fijado, esto es el TGT no es renovable"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_lifetime (string)"
msgstr "krb5_lifetime (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Request ticket with a lifetime, given as an integer immediately followed by "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "If there is no unit given <emphasis>s</emphasis> is assumed."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: It is not possible to mix units. To set the lifetime to one and a "
"half hours please use '90m' instead of '1h30m'."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Default: not set,
i.e. the default ticket lifetime configured on the KDC."
"Por defecto: no fijado, esto es el tiempo de vida de la entrada por defecto "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_renew_interval (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The time in seconds between two checks if the TGT should be renewed. TGTs "
"are renewed if about half of their lifetime is exceeded, given as an integer "
"immediately followed by a time unit:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "If this option is not set or is 0 the automatic renewal is disabled."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_use_fast (string)"
msgstr "krb5_use_fast (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Enables flexible authentication secure tunneling (FAST) for Kerberos pre-"
"authentication. The following options are supported:"
"Habilita la autenticación segura flexible de los túneles (FSAT) para la pre-"
"autenticación Kerberos. Se soportan las siguientes opciones:"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>never</emphasis> use FAST. This is equivalent to not setting this "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>try</emphasis> to use FAST. If the server does not support FAST, "
"continue the authentication without it."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<emphasis>demand</emphasis> to use FAST. The authentication fails if the "
"server does not require fast."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: not set,
i.e. FAST is not used."
msgstr "Por defecto: no fijado, esto es no se usa FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "NOTE: a keytab is required to use FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"NOTE: SSSD supports FAST only with MIT Kerberos version 1.8 and later. If "
"SSSD is used with an older version of MIT Kerberos, using this option is a "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_fast_principal (string)"
msgstr "krb5_fast_principal (cadena)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Specifies the server principal to use for FAST."
msgstr "Especifica el servidor principal para usar por FAST."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies if the host and user principal should be canonicalized. This "
"feature is available with MIT Kerberos 1.7 and later versions."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_use_enterprise_principal (boolean)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"Specifies if the user principal should be treated as enterprise principal. "
"See section 5 of RFC 6806 for more details about enterprise principals."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "Default: false (AD provider: true)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The IPA provider will set to option to 'true' if it detects that the server "
"is capable of handling enterprise principals and the option is not set "
"explicitly in the config file."
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
msgid "krb5_map_user (string)"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"The list of mappings is given as a comma-separated list of pairs "
"<quote>username:primary</quote> where <quote>username</quote> is a UNIX user "
"name and <quote>primary</quote> is a user part of a kerberos principal. This "
"mapping is used when user is authenticating using <quote>auth_provider = "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para><programlisting>
"krb5_map_user = joe:juser,dick:richard\n"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
"<quote>joe</quote> and <quote>dick</quote> are UNIX user names and "
"<quote>juser</quote> and <quote>richard</quote> are primaries of kerberos "
"principals. For user <quote>joe</quote> resp. <quote>dick</quote> SSSD will "
"try to kinit as <quote>juser@REALM</quote> resp. <quote>richard@REALM</"
#. type: Content of: <reference><refentry><refsect1><para>
"If the auth-module krb5 is used in an SSSD domain, the following options "
"must be used. See the <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page, section "
"<quote>DOMAIN SECTIONS</quote>, for details on the configuration of an SSSD "
"domain. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
"The following example assumes that SSSD is correctly configured and FOO is "
"one of the domains in the <replaceable>[sssd]</replaceable> section. This "
"example shows only configuration of Kerberos authentication; it does not "
"include any identity provider."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"krb5_server = 192.168.1.1\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "create a new group"
msgstr "Crea un nuevo grupo"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"<command>sss_groupadd</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_groupadd</command> creates a new group. These groups are "
"compatible with POSIX groups, with the additional feature that they can "
"contain other groups as members."
"<command>sss_groupadd</command> cre un nuevo grupo. Estos grupos son "
"compatibles con grupos POXIS, con la característica adicional que pueden "
"contener otros grupos como miembros."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
"<option>-g</option>,<option>--gid</option> <replaceable>GID</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Set the GID of the group to the value of <replaceable>GID</replaceable>. If "
"not given, it is chosen automatically."
"Fija el GID del grupo al valor de <replaceable>GID</replaceable>. Si no se "
"da, se elige automáticamente."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "delete a user account"
msgstr "eliminar una cuenta de usuario"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"<command>sss_userdel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_userdel</command> deletes a user identified by login name "
"<replaceable>LOGIN</replaceable> from the system."
"<command>sss_userdel</command> borra del sistema un usuario identificado por "
"su nombre de acceso <replaceable>LOGIN</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-r</option>,<option>--remove</option>"
msgstr "<option>-r</option>,<option>--remove</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Files in the user's home directory will be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
"Los ficheros en el directorio home del usuario serán borrados así como el "
"directorio home mismo y el buzón de correo del usuario. Reescribe la "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-R</option>,<option>--no-remove</option>"
msgstr "<option>-R</option>,<option>--no-remove</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Files in the user's home directory will NOT be removed along with the home "
"directory itself and the user's mail spool. Overrides the configuration."
"Los ficheros en el directorio home del usuario NO serán borrados así como el "
"directorio home mismo y el buzón de correo del usuario. Reescribe la "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-f</option>,<option>--force</option>"
msgstr "<option>-f</option>,<option>--force</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"This option forces <command>sss_userdel</command> to remove the user's home "
"directory and mail spool, even if they are not owned by the specified user."
"Esta opción fuerza a <command>sss_userdel</command> a borrar el directorio "
"home del usuario y el buzón de correo, aunque no sea propiedad del usuario "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-k</option>,<option>--kick</option>"
msgstr "<option>-k</option>,<option>--kick</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Before actually deleting the user, terminate all his processes."
msgstr "Antes de realmente eliminar al usuario, terminar todos sus procesos."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgstr "eliminar un grupo"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"<command>sss_groupdel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_groupdel</command> deletes a group identified by its name "
"<replaceable>GROUP</replaceable> from the system."
"<command>sss_groupdel</command> borra del sistema un grupo identificado por "
"su nombre <replaceable>GROUP</replaceable>."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "print properties of a group"
msgstr "imprime las propiedades de un grupo"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GROUP</replaceable></"
"<command>sss_groupshow</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>GRUPO</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_groupshow</command> displays information about a group "
"identified by its name <replaceable>GROUP</replaceable>. The information "
"includes the group ID number, members of the group and the parent group."
"<command>sss_groupshow</command> muestra información sobre un grupo "
"identificado por su nombre <replaceable>GROUP</replaceable>. La información "
"incluye el número de ID del grupo, miembros del grupo y padres del grupo."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-R</option>,<option>--recursive</option>"
msgstr "<option>-R</option>,<option>--recursive</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Also print indirect group members in a tree-like hierarchy. Note that this "
"also affects printing parent groups - without <option>R</option>, only the "
"direct parent will be printed."
"También imprime miembros indirectos del grupo en una jerarquía de árbol. "
"Advierta que esto también afecta a la impresión de los grupos padres – sin "
"<option>R</option>,, sólo se imprimirá los padres directos."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "modify a user account"
msgstr "Modifica una cuenta de usuario"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
"<command>sss_usermod</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>LOGIN</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_usermod</command> modifies the account specified by "
"<replaceable>LOGIN</replaceable> to reflect the changes that are specified "
"<command>sss_usermod</command> modifica la cuenta especificada por "
"<replaceable>LOGIN</replaceable> para reflejar los cambios que se han "
"especificado en la línea de comando."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "The home directory of the user account."
msgstr "El directorio principal de la cuenta de usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "The user's login shell."
msgstr "Shell de inicio de sesión del usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Append this user to groups specified by the <replaceable>GROUPS</"
"replaceable> parameter. The <replaceable>GROUPS</replaceable> parameter is "
"a comma separated list of group names."
"Añade este usuario a los grupos especificados por el parámetro "
"<replaceable>GROUPS</replaceable>. El parámetro <replaceable>GROUPS</"
"replaceable> es una lista separada por comas de nombres de grupo."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Remove this user from groups specified by the <replaceable>GROUPS</"
"replaceable> parameter."
"Borrar este usuario de los grupos especificados por el parámetro "
"<replaceable>GROUPS</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-l</option>,<option>--lock</option>"
msgstr "<option>-l</option>,<option>--lock</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Lock the user account. The user won't be able to log in."
msgstr "Bloquea la cuenta de usuario. El usuario no será capaz de acceder."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-u</option>,<option>--unlock</option>"
msgstr "<option>-u</option>,<option>--unlock</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Unlock the user account."
msgstr "Desbloquea la cuenta de usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "The SELinux user for the user's login."
msgstr "El usuario SELinux para el acceso del usuario."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>--addattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>--setattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Set an attribute to a
name/value pair. The format is attrname=value. For "
"multi-valued attributes, the command replaces the values already present"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>--delattr</option> <replaceable>ATTR_NAME_VAL</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "perform cache cleanup"
msgstr "lleva a cabo la limpieza del escondrijo"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
"<command>sss_cache</command> <arg choice='opt'> <replaceable>options</"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_cache</command> invalidates records in SSSD cache. Invalidated "
"records are forced to be reloaded from server as soon as related SSSD "
"backend is online. Options that invalidate a single object only accept a "
"single provided argument."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-E</option>,<option>--everything</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Invalidate all cached entries."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
"<option>-u</option>,<option>--user</option> <replaceable>login</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Invalidate specific user."
msgstr "Invalida el usuario específico."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-U</option>,<option>--users</option>"
msgstr "<option>-U</option>,<option>--users</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Invalidate all user records. This option overrides invalidation of specific "
"user if it was also set."
"Invalida todos los registros de usuario. Esta opción anula la invalidación "
"de usuario específico si también está fijada."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
"<option>-g</option>,<option>--group</option> <replaceable>group</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Invalidate specific group."
msgstr "Invalida grupo específico."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-G</option>,<option>--groups</option>"
msgstr "<option>-G</option>,<option>--groups</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Invalidate all group records. This option overrides invalidation of specific "
"group if it was also set."
"Invalida todos los registros de grupo. Esta opción anula la invalidación de "
"grupo específico si también está fijada."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
"<option>-n</option>,<option>--netgroup</option> <replaceable>netgroup</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Invalidate specific netgroup."
msgstr "Invalida grupo de red específico."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-N</option>,<option>--netgroups</option>"
msgstr "<option>-N</option>,<option>--netgroups</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Invalidate all netgroup records. This option overrides invalidation of "
"specific netgroup if it was also set."
"Invalida todos los registros de grupo de red. Esta opción anula la "
"invalidación de grupo de red específico si también está fijada."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-s</option>,<option>--service</option> <replaceable>service</"
"<option>-s</option>,<option>--service</option> <replaceable>service</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Invalidate specific service."
msgstr "Invalida servicio específico"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-S</option>,<option>--services</option>"
msgstr "<option>-S</option>,<option>--services</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Invalidate all service records. This option overrides invalidation of "
"specific service if it was also set."
"Invalida todos los archivos de servicio. Esta opción anula la invalidación "
"de servicio específico si también fue fijada."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
"<option>-a</option>,<option>--autofs-map</option> <replaceable>autofs-map</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Invalidate specific autofs maps."
msgstr "Invalida mapas específicos autofs."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-A</option>,<option>--autofs-maps</option>"
msgstr "<option>-A</option>,<option>--autofs-maps</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Invalidate all autofs maps. This option overrides invalidation of specific "
"map if it was also set."
"Invalida todos los mapas autofs. Esta opción anula la invalidación de mapa "
"específico si fue fijada."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-h</option>,<option>--ssh-host</option> <replaceable>hostname</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Invalidate SSH public keys of a specific host."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-H</option>,<option>--ssh-hosts</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Invalidate SSH public keys of all hosts. This option overrides invalidation "
"of SSH public keys of specific host if it was also set."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-r</option>,<option>--sudo-rule</option> <replaceable>rule</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Invalidate particular sudo rule."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "<option>-R</option>,<option>--sudo-rules</option>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Invalidate all cached sudo rules. This option overrides invalidation of "
"specific sudo rule if it was also set."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
"<option>-d</option>,<option>--domain</option> <replaceable>domain</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Restrict invalidation process only to a particular domain."
msgstr "Restringe el proceso de invalidación sólo a un dominio concreto."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#| msgid "change debug level while SSSD is running"
msgid "[DEPRECATED] change debug level while SSSD is running"
msgstr "cambia el nivel de depuración mientras SSSD está corriendo"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
"<command>sss_debuglevel</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'><replaceable>NEW_DEBUG_LEVEL</"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_debuglevel</command> is deprecated and replaced by the sssctl "
"debug-level command. Please refer to the <command>sssctl</command> man page "
"for more information on sssctl usage."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "seed the SSSD cache with a user"
msgstr "alimenta el cache SSSD con un usuario"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
"<command>sss_seed</command> <arg choice='opt'> <replaceable>options</"
"replaceable> </arg> <arg choice='plain'>-D <replaceable>DOMAIN</"
"replaceable></arg> <arg choice='plain'>-n <replaceable>USER</replaceable></"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_seed</command> seeds the SSSD cache with a user entry and "
"temporary password. If a user entry is already present in the SSSD cache "
"then the entry is updated with the temporary password."
"<command>sss_seed</command> alimenta el cache SSSD con una entrada de "
"usuario y una contresañe temporal. Si una entrada de usuario está ya "
"presente en el cache SSSD la entrada se actualiza con la contraseña temporal"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
"<option>-D</option>,<option>--domain</option> <replaceable>DOMAIN</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Provide the name of the domain in which the user is a member of. The domain "
"is also used to retrieve user information. The domain must be configured in "
"
sssd.conf. The <replaceable>DOMAIN</replaceable> option must be provided. "
"Information retrieved from the domain overrides what is provided in the "
"Suministra el nombre del dominio del que el usuario es miembro. El dominio "
"también se usa para recuperar información del usuario. El dominio debe estar "
"configurado en
sssd.conf. La opción <replaceable>DOMAIN</replaceable> debe "
"ser suministrada. La información recuperada del dominio anula la que se ha "
"suministrado en las opciones."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-n</option>,<option>--username</option> <replaceable>USER</"
"<option>-n</option>,<option>--username</option> <replaceable>USER</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The username of the entry to be created or modified in the cache. The "
"<replaceable>USER</replaceable> option must be provided."
"El nombre de usuario de la entrada a ser creado o modificado en el cache. Se "
"debe suministrar la opción <replaceable>USER</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Set the UID of the user to <replaceable>UID</replaceable>."
msgstr "Fija la UID del usuario a <replaceable>UID</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Set the GID of the user to <replaceable>GID</replaceable>."
msgstr "Fija la GID del usuario a <replaceable>GID</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Set the home directory of the user to <replaceable>HOME_DIR</replaceable>."
"Fija el directorio home del usuario a <replaceable>HOME_DIR</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Set the login shell of the user to <replaceable>SHELL</replaceable>."
"Fija la shell de acceso del usuario a <replaceable>SHELL</replaceable>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Interactive mode for entering user information. This option will only prompt "
"for information not provided in the options or retrieved from the domain."
"Modo interactivo de introducir información del usuario. Esta opción sólo "
"preguntará por la información no suministrada en las opciones o recuperada "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
"<option>-p</option>,<option>--password-file</option> <replaceable>PASS_FILE</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Specify file to read user's password from. (if not specified password is "
"Especifica el fichero desde donde leer la contraseña del usuario (si no se "
"especifica se pregunta por la contraseña)"
#. type: Content of: <reference><refentry><refsect1><para>
"The length of the password (or the size of file specified with -p or --"
"password-file option) must be less than or equal to PASS_MAX bytes (64 bytes "
"on systems with no globally-defined PASS_MAX value)."
"La longitud de la contraseña (o el tamaño especificado con la opción -p or --"
"password-file) debe ser menos o igual a PASS_MAX bytes ( 64 bytes en "
"sistemas sin valor PASS_MAX globalmente definido)."
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD InfoPipe responder"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the configuration of the InfoPipe responder for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
#. type: Content of: <reference><refentry><refsect1><para>
"The InfoPipe responder provides a public D-Bus interface accessible over the "
"system bus. The interface allows the user to query information about remote "
"users and groups over the system bus."
#. type: Content of: <reference><refentry><refsect1><para>
msgid "These options can be used to configure the InfoPipe responder."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Specifies the comma-separated list of UID values or user names that are "
"allowed to access the InfoPipe responder. User names are resolved to UIDs at "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Default: 0 (only the root user is allowed to access the InfoPipe responder)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Please note that although the UID 0 is used as the default it will be "
"overwritten with this option. If you still want to allow the root user to "
"access the InfoPipe responder, which would be the typical case, you have to "
"add 0 to the list of allowed UIDs as well."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Specifies the comma-separated list of white or blacklisted attributes."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "user's login name"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "user information, typically full name"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"By default, the InfoPipe responder only allows the default set of POSIX "
"attributes to be requested. This set is the same as returned by "
"<citerefentry> <refentrytitle>getpwnam</refentrytitle> <manvolnum>3</"
"manvolnum> </citerefentry> and includes: <placeholder type=\"variablelist\" "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
"user_attributes = +telephoneNumber, -loginShell\n"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"It is possible to add another attribute to this set by using <quote>"
"+attr_name</quote> or explicitly remove an attribute using <quote>-"
"attr_name</quote>. For example, to allow <quote>telephoneNumber</quote> but "
"deny <quote>loginShell</quote>, you would use the following configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: not set. Only the default set of POSIX attributes is allowed."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Specifies an upper limit on the number of entries that are downloaded during "
"a wildcard lookup that overrides caller-supplied limit."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: 0 (let the caller set an upper limit)"
#. type: Content of: <reference><refentry><refentryinfo>
"<productname>sss
rpc.idmapd plugin</productname> <author> <firstname>Noam</"
"firstname> <surname>Meltzer</surname> <affiliation> <orgname>Primary Data "
"Inc.</orgname> </affiliation> <contrib>Developer (2013-2014)</contrib> </"
"author> <author> <firstname>Noam</firstname> <surname>Meltzer</surname> "
"<contrib>Developer (2014-)</contrib> <email>tsnoam@gmail.com</email> </"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "sss plugin configuration directives for
rpc.idmapd"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "CONFIGURATION FILE"
#. type: Content of: <reference><refentry><refsect1><para>
"conf</emphasis>. See <citerefentry> <refentrytitle>
idmapd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> for more information."
#. type: Content of: <reference><refentry><refsect1><title>
msgid "SSS CONFIGURATION EXTENSION"
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "Enable SSS plugin"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"In section <quote>[Translation]</quote>,
modify/set <quote>Method</quote> "
"attribute to contain <emphasis>sss</emphasis>."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "[sss] config section"
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"In order to change the default of one of the configuration attributes of the "
"<emphasis>sss</emphasis> plugin listed below you will need to create a "
"config section for it, named <quote>[sss]</quote>."
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><title>
msgid "Configuration attributes"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Indicates whether or not to use memcache optimisation technique."
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
"The sss plugin requires the <emphasis>NSS Responder</emphasis> to be enabled "
#. type: Content of: <reference><refentry><refsect1><para>
"The attribute <quote>use_fully_qualified_names</quote> must be enabled on "
"all domains (NFSv4 clients expect a fully qualified name to be sent on the "
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"# domain must be synced between NFSv4 server and clients\n"
"Nobody-User = nfsnobody\n"
"Nobody-Group = nfsnobody\n"
#. type: Content of: <reference><refentry><refsect1><para>
"The following example shows a minimal
idmapd.conf which makes use of the sss "
"plugin. <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>
idmapd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sss_ssh_authorizedkeys"
msgstr "sss_ssh_authorizedkeys"
#. type: Content of: <reference><refentry><refmeta><manvolnum>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "get OpenSSH authorized keys"
msgstr "obtiene las claves OpenSSH autorizadas"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>USER</replaceable></arg>"
"<command>sss_ssh_authorizedkeys</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>USER</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_ssh_authorizedkeys</command> acquires SSH public keys for user "
"<replaceable>USER</replaceable> and outputs them in OpenSSH authorized_keys "
"format (see the <quote>AUTHORIZED_KEYS FILE FORMAT</quote> section of "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> for more information)."
"<command>sss_ssh_authorizedkeys</command> adquiere la clave pública SSH para "
"el usuario <replaceable>USER</replaceable> y las saca en formato de claves "
"autorizadas OpenSSH (vea la sección <quote>AUTHORIZED_KEYS FILE FORMAT</"
"quote> de <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
"manvolnum></citerefentry> para más información)."
#. type: Content of: <reference><refentry><refsect1><para>
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_authorizedkeys</"
"command> for public key user authentication if it is compiled with support "
"for <quote>AuthorizedKeysCommand</quote> option. Please refer to the "
"<citerefentry> <refentrytitle>sshd_config</refentrytitle> <manvolnum>5</"
"manvolnum></citerefentry> man page for more details about this option."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
" AuthorizedKeysCommandUser nobody\n"
#. type: Content of: <reference><refentry><refsect1><para>
"If <quote>AuthorizedKeysCommand</quote> is supported, "
"<citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</manvolnum></"
"citerefentry> can be configured to use it by putting the following "
"directives in <citerefentry> <refentrytitle>sshd_config</refentrytitle> "
"<manvolnum>5</manvolnum></citerefentry>: <placeholder type=\"programlisting"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Search for user public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
"Busca las claves públicas del usuario en el dominio SSSD "
"<replaceable>DOMAIN</replaceable>."
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><para>
"In case of success, an exit value of 0 is returned. Otherwise, 1 is returned."
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sss_ssh_knownhostsproxy"
msgstr "sss_ssh_knownhostsproxy"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "get OpenSSH host keys"
msgstr "obtiene las claves OpenSSH del host"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
"<command>sss_ssh_knownhostsproxy</command> <arg choice='opt'> "
"<replaceable>options</replaceable> </arg> <arg "
"choice='plain'><replaceable>HOST</replaceable></arg> <arg "
"choice='opt'><replaceable>PROXY_COMMAND</replaceable></arg>"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sss_ssh_knownhostsproxy</command> acquires SSH host public keys for "
"host <replaceable>HOST</replaceable>, stores them in a custom OpenSSH "
"known_hosts file (see the <quote>SSH_KNOWN_HOSTS FILE FORMAT</quote> section "
"of <citerefentry><refentrytitle>sshd</refentrytitle> <manvolnum>8</"
"manvolnum></citerefentry> for more information) <filename>
/var/lib/sss/"
#. type: Content of: <reference><refentry><refsect1><para>
"If <replaceable>PROXY_COMMAND</replaceable> is specified, it is used to "
"create the connection to the host instead of opening a socket."
"Si se especifica <replaceable>PROXY_COMMAND</replaceable>, se usa para crear "
"la conexión al host en lugar de abrir un socket."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para>
"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
"citerefentry> can be configured to use <command>sss_ssh_knownhostsproxy</"
"command> for host key authentication by using the following directives for "
"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
"citerefentry> configuration: <placeholder type=\"programlisting\" id=\"0\"/>"
"<citerefentry><refentrytitle>ssh</refentrytitle> <manvolnum>1</manvolnum></"
"citerefentry> puede ser configurado para usar "
"<command>sss_ssh_knownhostsproxy</command> para autenticación de la clave "
"del host usando las siguientes directivas <citerefentry><refentrytitle>ssh</"
"refentrytitle> <manvolnum>1</manvolnum></citerefentry> configuration: "
"<placeholder type=\"programlisting\" id=\"0\"/> "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
"<option>-p</option>,<option>--port</option> <replaceable>PORT</replaceable>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Use port <replaceable>PORT</replaceable> to connect to the host. By "
"default, port 22 is used."
"Usa el puerto <replaceable>PORT</replaceable> para conectar al host. Por "
"defecto, el puerto usado es el 22."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Search for host public keys in SSSD domain <replaceable>DOMAIN</replaceable>."
"Busca las claves públicas del host en el dominio SSSD <replaceable>DOMAIN</"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD's idmap_sss Backend for Winbind"
#. type: Content of: <reference><refentry><refsect1><para>
"The idmap_sss module provides a way to call SSSD to map
UIDs/GIDs and SIDs. "
"No database is required in this case as the mapping is done by SSSD."
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "range = low - high"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Defines the available matching UID and GID range for which the backend is "
#. type: Content of: <reference><refentry><refsect1><para>
"This example shows how to configure idmap_sss as the default mapping module."
#. type: Content of: <reference><refentry><refsect1><programlisting>
"idmap config * : backend = sss\n"
"idmap config * : range = 200000-2147483647\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD control and status utility"
#. type: Content of: <reference><refentry><refsynopsisdiv><cmdsynopsis>
"<command>sssctl</command> <arg choice='plain'><replaceable>COMMAND</"
"replaceable></arg> <arg choice='opt'> <replaceable>options</replaceable> </"
#. type: Content of: <reference><refentry><refsect1><para>
"<command>sssctl</command> provides a simple and unified way to obtain "
"information about SSSD status, such as active server, auto-discovered "
"servers, domains and cached objects. In addition, it can manage SSSD data "
"files for troubleshooting in such a way that is safe to manipulate while "
#. type: Content of: <reference><refentry><refsect1><para>
"To list all available commands run <command>sssctl</command> without any "
"parameters. To print help for selected command run <command>sssctl COMMAND --"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD files provider"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the files provider for <citerefentry> "
"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
#. type: Content of: <reference><refentry><refsect1><para>
"The files provider mirrors the content of the <citerefentry> "
"<refentrytitle>passwd</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> and <citerefentry> <refentrytitle>group</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> files. The purpose of the files "
"provider is to make the users and groups traditionally only accessible with "
"NSS interfaces also available through the SSSD interfaces such as "
"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
"The files provider has no specific options of its own, however, generic SSSD "
"domain options can be set where applicable. Refer to the section "
"<quote>DOMAIN SECTIONS</quote> of the <citerefentry> <refentrytitle>sssd."
"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page "
"for details on the configuration of an SSSD domain."
#. type: Content of: <reference><refentry><refsect1><para>
"The following example assumes that SSSD is correctly configured and files is "
"one of the domains in the <replaceable>[sssd]</replaceable> section."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD Secrets responder"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the configuration of the Secrets responder for "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"</citerefentry>. For a detailed syntax reference, refer to the <quote>FILE "
"FORMAT</quote> section of the <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
#. type: Content of: <reference><refentry><refsect1><para>
"Many system and user applications need to store private information such as "
"passwords or service keys and have no good way to properly deal with them. "
"The simple approach is to embed these <quote>secrets</quote> into "
"configuration files potentially ending up exposing sensitive key material to "
"backups, config management system and in general making it harder to secure "
#. type: Content of: <reference><refentry><refsect1><para>
"project was born to deal with this problem in cloud like environments, but "
"we found the idea compelling even at a single system level. As a security "
"service, SSSD is ideal to host this capability while offering the same API "
"via a UNIX Socket. This will make it possible to use local calls and have "
"them transparently routed to a local or a remote key management store like "
"IPA Vault for storage, escrow and recovery."
#. type: Content of: <reference><refentry><refsect1><para>
"The secrets are simple key-value pairs. Each user's secrets are namespaced "
"using their user ID, which means the secrets will never collide between "
"users. Secrets can be stored inside <quote>containers</quote> which can be "
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
msgid "secrets for general usage"
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><para><variablelist><varlistentry><listitem><para>
#| "Used by <citerefentry> <refentrytitle>sss_useradd</refentrytitle> "
#| "<manvolnum>8</manvolnum> </citerefentry> to specify the default "
#| "permissions on a newly created home directory."
"used by the <citerefentry> <refentrytitle>sssd-kcm</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry> service."
"Utilizado por <citerefentry><refentrytitle>sss_useradd</refentrytitle> "
"<manvolnum>8</manvolnum></citerefentry> para especificar los permisos "
"predeterminados en un directorio de inicio recién creado."
#. type: Content of: <reference><refentry><refsect1><para>
"Since the secrets responder can be used both externally to store general "
"secrets, as described in the rest of this man page, but also internally by "
"other SSSD components to store their secret material, some configuration "
"options, like quotas can be configured per <quote>hive</quote> in a "
"configuration subsection named after the hive. The currently supported hives "
"are: <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "USING THE SECRETS RESPONDER"
#. type: Content of: <reference><refentry><refsect1><para>
"The UNIX socket the SSSD responder listens on is located at <filename>/var/"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para>
"The secrets responder is socket-activated by <citerefentry> "
"<refentrytitle>systemd</refentrytitle> <manvolnum>1</manvolnum> </"
"citerefentry>. Unlike other SSSD responders, it cannot be started by adding "
"the <quote>secrets</quote> string to the <quote>service</quote> directive. "
"order for the service to be socket-activated, make sure the socket is "
"enabled and active and the service is enabled: <placeholder type="
"\"programlisting\" id=\"0\"/> Please note your distribution may already "
"configure the units for you."
#. type: Content of: <reference><refentry><refsect1><para>
"The generic SSSD responder options such as <quote>debug_level</quote> or "
"<quote>fd_limit</quote> are accepted by the secrets responder. Please refer "
"to the <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for a complete list. In addition, "
"there are some secrets-specific options as well."
#. type: Content of: <reference><refentry><refsect1><para>
"The secrets responder is configured with a global <quote>[secrets]</quote> "
"section and an optional per-user <quote>[
secrets/users/$uid]</quote> section "
"in <filename>
sssd.conf</filename>. Please note that some options, notably as "
"the provider type, can only be specified in the per-user subsections."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "provider (string)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"The secrets are stored in a local database, encrypted at rest with a master "
"key. The local provider does not have any additional config options at the "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
"The secrets responder forwards the requests to a Custodia server. The proxy "
"provider supports several additional options (see below)."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"This option specifies where should the secrets be stored. The secrets "
"responder can configure a per-user subsections (
e.g. <quote>[secrets/"
"users/123]</quote> - see bottom of this manual page for a full example using "
"Custodia for a particular user) that define which provider store the secrets "
"for this particular user. The per-user subsections should contain all "
"options for that user's provider. Please note that currently the global "
"provider is always local, the proxy provider can only be specified in a per-"
"user section. The following providers are supported: <placeholder type="
"\"variablelist\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para>
"The following options affect only the secrets <quote>hive</quote> and "
"therefore should be set in a per-hive subsection. Setting the option to 0 "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "containers_nest_level (integer)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "This option specifies the maximum allowed number of nested containers."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "max_secrets (integer)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"This option specifies the maximum number of secrets that can be stored in "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: 1024 (secrets hive), 256 (kcm hive)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#| msgid "pam_id_timeout (integer)"
msgid "max_uid_secrets (integer)"
msgstr "pam_id_timeout (entero)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"This option specifies the maximum number of secrets that can be stored per-"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: 256 (secrets hive), 64 (kcm hive)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "max_payload_size (integer)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"This option specifies the maximum payload size allowed for a secret payload "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Default: 16 (secrets hive), 65536 (64 MiB) (kcm hive)"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"max_payload_size = 128\n"
"max_payload_size = 256\n"
#. type: Content of: <reference><refentry><refsect1><para>
"For example, to adjust quotas differently for both the <quote>secrets</"
"quote> and the <quote>kcm</quote> hives, configure the following: "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
"The following options are only applicable for configurations that use the "
"<quote>proxy</quote> provider."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "proxy_url (string)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The URL the Custodia server is listening on. At the moment, http and https "
"protocols are supported."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "http[s]://<host>[:port]"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "auth_type (string)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The method to use when authenticating to a Custodia server. The following "
"authentication methods are supported:"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
"Authenticate with a username and a password as set in the <quote>username</"
"quote> and <quote>password</quote> options."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><variablelist><varlistentry><listitem><para>
"Authenticate with HTTP header value as defined in the "
"<quote>auth_header_name</quote> and <quote>auth_header_value</quote> "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "auth_header_name (string)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"If set, the secrets responder would put a header with this name into the "
"HTTP request with the value defined in the <quote>auth_header_value</quote> "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Example: MYSECRETNAME"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "auth_header_value (string)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The value sssd-secrets would use for the <quote>auth_header_name</quote>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Example: mysecret"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "forward_headers (list of strings)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The list of HTTP headers to forward to the Custodia server together with the "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "verify_peer (boolean)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Whether peer's certificate should be verified and valid if HTTPS protocol is "
"used with the proxy provider."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "verify_host (boolean)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Whether peer's hostname must match with hostname in its certificate if HTTPS "
"protocol is used with the proxy provider."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Path to directory containing stored certificate authority certificates. "
"System default path is used if this option is not set."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Path to file containing server's certificate authority certificate. If this "
"option is not set then the CA's certificate is looked up in <quote>capath</"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Path to file containing client's certificate if required by the server. This "
"file may also contain private key or the private key may be in separate file "
"set with <quote>key</quote>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Path to file containing client's private key."
#. type: Content of: <reference><refentry><refsect1><title>
msgid "USING THE REST API"
#. type: Content of: <reference><refentry><refsect1><para>
"This section lists the available commands and includes examples using the "
"<citerefentry> <refentrytitle>curl</refentrytitle> <manvolnum>1</manvolnum> "
"</citerefentry> utility. All requests towards the proxy provider must set "
"stream</quote>. Secrets stored with requests that set the Content Type "
"stored and decoded when retrieved, so it's not possible to store a secret "
"with one Content Type and retrieve with another. The secret URI must begin "
"with <filename>/secrets/</filename>."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"To list the available secrets, send a HTTP GET request with a trailing slash "
"appended to the container path."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "Retrieving a secret"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"To read a value of a single secret, send a HTTP GET request without a "
"trailing slash. The last portion of the URI is the name of the secret."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Examples: <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
"\"programlisting\" id=\"1\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"PUT request with a JSON payload that includes type and value. The type "
"should be set to \"simple\" and the value should be set to the secret value. "
"If a secret with that name already exists, the response is a 409 HTTP error."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
" -d'{\"type\":\"simple\",\"value\":\"foosecret\"}'\n"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The following example sets a secret named 'foo' to a value of 'foosecret' "
"and a secret named 'bar' to a value of 'barsecret' using a different Content "
"Type. <placeholder type=\"programlisting\" id=\"0\"/> <placeholder type="
"\"programlisting\" id=\"1\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "Creating a container"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"Containers provide an additional namespace for this user's secrets. To "
"create a container, send a HTTP POST request, whose URI ends with the "
"container name. Please note the URI must end with a trailing slash."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The following example creates a container named 'mycontainer': <placeholder "
"type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"To manipulate secrets under this container, just nest the secrets underneath "
"the container path: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "Deleting a secret or a container"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"To delete a secret or a container, send a HTTP DELETE request with a path to "
"the secret or the container."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
"The following example deletes a secret named 'foo'. <placeholder type="
"\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><title>
msgid "EXAMPLE CUSTODIA AND PROXY PROVIDER CONFIGURATION"
#. type: Content of: <reference><refentry><refsect1><para>
"For testing the proxy provider, you need to set up a Custodia server to "
"proxy requests to. Please always consult the Custodia documentation, the "
"configuration directives might change with different Custodia versions."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"server_version = \"Secret/0.0.7\"\n"
"header = MYSECRETNAME\n"
#. type: Content of: <reference><refentry><refsect1><para>
"This configuration will set up a Custodia server listening on http://"
"localhost:8080, allowing anyone with header named MYSECRETNAME set to "
"mysecretkey to communicate with the Custodia server. Place the contents "
"into a file (for example, <replaceable>
custodia.conf</replaceable>): "
"<placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
"Then run the <replaceable>custodia</replaceable> command, pointing it at the "
"config file as a command line argument."
#. type: Content of: <reference><refentry><refsect1><para>
"Please note that currently it's not possible to proxy all requests globally "
"to a Custodia instance. Instead, per-user subsections for user IDs that "
"should proxy requests to Custodia must be defined. The following example "
"illustrates a configuration, where the user with UID 123 would proxy their "
"requests to Custodia, but all other user's requests would be handled by a "
#. type: Content of: <reference><refentry><refsect1><programlisting>
"auth_header_name = MYSECRETNAME\n"
"auth_header_value = mysecretkey\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
msgid "sssd-session-recording"
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
#| msgid "Configuring sudo to cooperate with SSSD"
msgid "Configuring session recording with SSSD"
msgstr "Configurando sudo para cooperar con SSSD"
#. type: Content of: <reference><refentry><refsect1><para>
#| "This manual page describes the configuration of the simple access-control "
#| "provider for <citerefentry> <refentrytitle>sssd</refentrytitle> "
#| "<manvolnum>8</manvolnum> </citerefentry>. For a detailed syntax "
#| "reference, refer to the <quote>FILE FORMAT</quote> section of the "
#| "<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
#| "manvolnum> </citerefentry> manual page."
"This manual page describes how to configure <citerefentry> "
"<refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> </citerefentry> "
"to work with <citerefentry> <refentrytitle>tlog-rec-session</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>, a part of tlog package, to "
"implement user session recording on text terminals. For a detailed "
"configuration syntax reference, refer to the <quote>FILE FORMAT</quote> "
"section of the <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> manual page."
"Esta página de manual describe la configuración del proveedor de control de "
"acceso simple para <citerefentry> <refentrytitle>sssd</refentrytitle> "
"<manvolnum>8</manvolnum> </citerefentry>. Para una referencia detallada de "
"sintaxis, vea la sección <quote>FILE FORMAT</quote> de la página de manual "
"<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>."
#. type: Content of: <reference><refentry><refsect1><para>
"SSSD can be set up to enable recording of everything specific users see or "
"type during their sessions on text terminals.
E.g. when users log in on the "
"console, or via SSH. SSSD itself doesn't record anything, but makes sure "
"tlog-rec-session is started upon user login, so it can record according to "
#. type: Content of: <reference><refentry><refsect1><para>
"For users with session recording enabled, SSSD replaces the user shell with "
"tlog-rec-session in NSS responses, and adds a variable specifying the "
"original shell to the user environment, upon PAM session setup. This way "
"tlog-rec-session can be started in place of the user shell, and know which "
"actual shell to start, once it set up the recording."
#. type: Content of: <reference><refentry><refsect1><para>
#| msgid "These options can be used to configure the PAC responder."
msgid "These options can be used to configure the session recording."
msgstr "Estas opciones pueden ser usadas para configurar el respondedor PAC."
#. type: Content of: <reference><refentry><refsect1><para>
"The following snippet of
sssd.conf enables session recording for users "
"\"contractor1\" and \"contractor2\", and group \"students\"."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
"users = contractor1, contractor2\n"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD Kerberos Cache Manager"
#. type: Content of: <reference><refentry><refsect1><para>
"This manual page describes the configuration of the SSSD Kerberos Cache "
"Manager (KCM). KCM is a process that stores, tracks and manages Kerberos "
"credential caches. It originates in the Heimdal Kerberos project, although "
"the MIT Kerberos library also provides client side (more details on that "
"below) support for the KCM credential cache."
#. type: Content of: <reference><refentry><refsect1><para>
"In a setup where Kerberos caches are managed by KCM, the Kerberos library "
"(typically used through an application, like
e.g., <citerefentry> "
"<refentrytitle>kinit</refentrytitle><manvolnum>1</manvolnum> </"
"citerefentry>, is a <quote>\"KCM client\"</quote> and the KCM daemon is "
"being referred to as a <quote>\"KCM server\"</quote>. The client and server "
"communicate over a UNIX socket."
#. type: Content of: <reference><refentry><refsect1><para>
"The KCM server keeps track of each credential caches's owner and performs "
"access check control based on the UID and GID of the KCM client. The root "
"user has access to all credential caches."
#. type: Content of: <reference><refentry><refsect1><para>
msgid "The KCM credential cache has several interesting properties:"
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
"since the process runs in userspace, it is subject to UID namespacing, "
"unlike the kernel keyring"
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
"unlike the kernel keyring-based cache, which is shared between all "
"containers, the KCM server is a separate process whose entry point is a UNIX "
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
"the SSSD implementation stores the ccaches in the SSSD <citerefentry> "
"<refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry> secrets store, allowing the ccaches to survive KCM server "
"restarts or machine reboots."
#. type: Content of: <reference><refentry><refsect1><para>
"This allows the system to use a collection-aware credential cache, yet share "
"the credential cache between some or no containers by bind-mounting the "
#. type: Content of: <reference><refentry><refsect1><title>
msgid "USING THE KCM CREDENTIAL CACHE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
" default_ccache_name = KCM:\n"
#. type: Content of: <reference><refentry><refsect1><para>
"In order to use KCM credential cache, it must be selected as the default "
"credential type in <citerefentry> <refentrytitle>
krb5.conf</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, The credentials "
"cache name must be only <quote>KCM:</quote> without any template "
"expansions. For example: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <reference><refentry><refsect1><para>
"Next, make sure the Kerberos client libraries and the KCM server must agree "
"on the UNIX socket path. By default, both use the same path <replaceable>/"
"library, change its <quote>kcm_socket</quote> option which is described in "
"the <citerefentry> <refentrytitle>
krb5.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry> manual page."
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para>
"Finally, make sure the SSSD KCM server can be contacted. The KCM service is "
"typically socket-activated by <citerefentry> <refentrytitle>systemd</"
"refentrytitle> <manvolnum>1</manvolnum> </citerefentry>. Unlike other SSSD "
"services, it cannot be started by adding the <quote>kcm</quote> string to "
"the <quote>service</quote> directive. <placeholder type=\"programlisting\" "
"id=\"0\"/> Please note your distribution may already configure the units for "
#. type: Content of: <reference><refentry><refsect1><title>
msgid "THE CREDENTIAL CACHE STORAGE"
#. type: Content of: <reference><refentry><refsect1><para><programlisting>
#. type: Content of: <reference><refentry><refsect1><para>
"The credential caches are stored in the SSSD secrets service (see "
"<citerefentry> <refentrytitle>sssd-secrets</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry> for more details). Therefore it is important that "
"also the sssd-secrets service is enabled and its socket is started: "
"<placeholder type=\"programlisting\" id=\"0\"/> Your distribution should "
"already set the dependencies between the services."
#. type: Content of: <reference><refentry><refsect1><para>
"The KCM service is configured in the <quote>kcm</quote> section of the sssd."
"conf file. Please note that currently, is it not sufficient to restart the "
"sssd-kcm service, because the sssd configuration is only parsed and read to "
"an internal configuration database by the sssd service. Therefore you must "
"restart the sssd service if you change anything in the <quote>kcm</quote> "
"section of
sssd.conf. For a detailed syntax reference, refer to the "
"<quote>FILE FORMAT</quote> section of the <citerefentry> <refentrytitle>sssd."
"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> manual page."
#. type: Content of: <reference><refentry><refsect1><para>
"The generic SSSD service options such as <quote>debug_level</quote> or "
"<quote>fd_limit</quote> are accepted by the kcm service. Please refer to "
"the <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for a complete list. In addition, "
"there are some KCM-specific options as well."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
msgid "socket_path (string)"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "The socket the KCM service will listen on."
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para>
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>,"
#. type: Content of: <reference><refentry><refnamediv><refname>
#. type: Content of: <reference><refentry><refnamediv><refpurpose>
msgid "SSSD systemtap information"
#. type: Content of: <reference><refentry><refsect1><para>
#| "This manual page only describes attribute name mapping. For detailed "
#| "explanation of sudo related attribute semantics, see <citerefentry> "
#| "<refentrytitle>
sudoers.ldap</refentrytitle><manvolnum>5</manvolnum> </"
"This manual page provides information about the systemtap functionality in "
"<citerefentry> <refentrytitle>sssd</refentrytitle> <manvolnum>8</manvolnum> "
"Esta página de manual sólo describe el atributo de nombre mapping. Para una "
"explicación detallada de la semántica del atributo relacionada con sudo, vea "
"<citerefentry> <refentrytitle>
sudoers.ldap</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>"
#. type: Content of: <reference><refentry><refsect1><para>
"SystemTap Probe points have been added into various locations in SSSD code "
"to assist in troubleshooting and analyzing performance related issues."
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><para><itemizedlist><listitem><para>
#. type: Content of: <reference><refentry><refsect1><title>
#. type: Content of: <reference><refentry><refsect1><refsect2><para>
"The information below lists the probe points and arguments available in the "
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><term>
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><para>
msgid "Description of probe point"
#. type: Content of: <reference><refentry><refsect1><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "Database Transaction Probes"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sssd_transaction_start"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Start of a sysdb transaction, probes the sysdb_transaction_start() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sssd_transaction_cancel"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"Cancellation of a sysdb transaction, probes the sysdb_transaction_cancel() "
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sssd_transaction_commit_before"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sysdb_transaction_commit_before() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sssd_transaction_commit_after"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sysdb_transaction_commit_after() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "LDAP Search Probes"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_search_send"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_get_generic_ext_send() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_search_recv"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_get_generic_ext_recv() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_deref_send"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_deref_search_send() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_deref_recv"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_deref_search_recv() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "LDAP Account Request Probes"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_acct_req_send"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_acct_req_send() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_acct_req_recv"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_acct_req_recv() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "LDAP User Search Probes"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_search_user_send"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_search_user_send() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#| "fallback_homedir = /home/%u\n"
"fallback_homedir = /home/%u\n"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_search_user_recv"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_search_user_recv() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_search_user_save_begin"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_search_user_save_begin() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe sdap_search_user_save_end"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "Probes the sdap_search_user_save_end() function."
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "Data Provider Request Probes"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe dp_req_send"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "A Data Provider request is submitted."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><term>
msgid "probe dp_req_done"
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "A Data Provider request is completed."
#. type: Content of: <reference><refentry><refsect1><refsect2><para><variablelist><varlistentry><listitem><programlisting>
#. type: Content of: <reference><refentry><refsect1><refsect2><title>
msgid "MISCELLANEOUS FUNCTIONS"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "function acct_req_desc(entry_type)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Convert entry_type to string and return string"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
"function sssd_acct_req_probestr(fc_name, entry_type, filter_type, "
"filter_value, extra_value)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Create probe string based on filter type"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "function dp_target_str(target)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Convert target to string and return string"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><term>
msgid "function dp_method_str(target)"
#. type: Content of: <reference><refentry><refsect1><refsect2><variablelist><varlistentry><listitem><para>
msgid "Convert method to string and return string"
#. type: Content of: <refsect1><title>
msgid "SERVICE DISCOVERY"
msgstr "SERVICIO DE DESCUBRIMIENTO"
#. type: Content of: <refsect1><para>
"The service discovery feature allows back ends to automatically find the "
"appropriate servers to connect to using a special DNS query. This feature is "
"not supported for backup servers."
"La función servicio descubridor permite a los puntos finales encontrar "
"automáticamente los servidores apropiados a conectar para usar una pregunta "
"especial al DNS. Esta función no está soportada por los servidores de "
#. type: Content of: <refsect1><refsect2><title>
#. type: Content of: <refsect1><refsect2><para>
"If no servers are specified, the back end automatically uses service "
"discovery to try to find a server. Optionally, the user may choose to use "
"both fixed server addresses and service discovery by inserting a special "
"keyword, <quote>_srv_</quote>, in the list of servers. The order of "
"preference is maintained. This feature is useful if, for example, the user "
"prefers to use service discovery whenever possible, and fall back to a "
"specific server when no servers can be discovered using DNS."
"Si no se especifican servidores, el punto final usar automáticamente el "
"servicio descubridor para intentar encontrar un servidor. Opcionalmente, el "
"usuario puede elegir utilizar tanto las direcciones de servidor fijadas como "
"el servicio descubridor para insertar una palabra clave especial, "
"<quote>_srv_</quote>, en la lista de servidores. El orden de preferencia se "
"mantiene. Esta función es útil sí, por ejemplo, el usuario prefiere usar el "
"servicio descubridor siempre que sea posible, el volver a un servidor "
"específico cuando no se pueden descubrir servidores usando DNS."
#. type: Content of: <refsect1><refsect2><title>
msgstr "El nombre de dominio"
#. type: Content of: <refsect1><refsect2><para>
"Please refer to the <quote>dns_discovery_domain</quote> parameter in the "
"<citerefentry> <refentrytitle>
sssd.conf</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry> manual page for more details."
"Por favor vea el parámetro <quote>dns_discovery_domain</quote> en la página "
"de manual <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> "
"<manvolnum>5</manvolnum> </citerefentry> para más detalles."
#. type: Content of: <refsect1><refsect2><title>
#. type: Content of: <refsect1><refsect2><para>
"The queries usually specify _tcp as the protocol. Exceptions are documented "
"in respective option description."
"Las consultas normalmente especifican _tcp como protocolo. Las excepciones "
"se documentan en la descripción de la opción respectiva."
#. type: Content of: <refsect1><refsect2><title>
#. type: Content of: <refsect1><refsect2><para>
"For more information on the service discovery mechanism, refer to RFC 2782."
"Para más información sobre el mecanismo del servicio descubridor, vea el RFC "
#. type: Content of: <refentryinfo>
"<productname>SSSD</productname> <orgname>The SSSD upstream -
https://pagure."
#. type: Content of: outside any tag (error?)
msgid "<placeholder type=\"refentryinfo\" id=\"0\"/>"
msgstr "<placeholder type=\"refentryinfo\" id=\"0\"/>"
#. type: Content of: <refsect1><title>
msgstr "CONMUTACIÓN POR ERROR"
#. type: Content of: <refsect1><para>
"The failover feature allows back ends to automatically switch to a different "
"server if the current server fails."
"La función conmutación en error permite a los finales conmutar "
"automáticamente a un servidor diferente si el servidor actual falla."
#. type: Content of: <refsect1><refsect2><title>
msgstr "Sintaxis de conmutación por error"
#. type: Content of: <refsect1><refsect2><para>
"The list of servers is given as a comma-separated list; any number of spaces "
"is allowed around the comma. The servers are listed in order of preference. "
"The list can contain any number of servers."
"La lista de servidores se da como una lista separada por comas; se permite "
"cualquier número de espacios a los lados de la coma. Los servidores son "
"listados en orden de preferencia. La lista puede contener cualquier número "
#. type: Content of: <refsect1><refsect2><para>
"For each failover-enabled config option, two variants exist: "
"<emphasis>primary</emphasis> and <emphasis>backup</emphasis>. The idea is "
"that servers in the primary list are preferred and backup servers are only "
"searched if no primary servers can be reached. If a backup server is "
"selected, a timeout of 31 seconds is set. After this timeout SSSD will "
"periodically try to reconnect to one of the primary servers. If it succeeds, "
"it will replace the current active (backup) server."
#. type: Content of: <refsect1><refsect2><title>
msgid "The Failover Mechanism"
"El mecanismo de conmutación por errorEl mecanismo de failover distingue "
"entre una máquina y un servicio. El punto final intenta primero resolver el "
"nombre de host de una máquina dada; si el intento de resolución falla, la "
"máquina es considerada fuera de línea. No se harán más intentos de conexión "
"con esta máquina para ningún otro servicio. Si el intento de resolución "
"tiene éxito, el punto final intenta conectar a un servicio en esa máquina. "
"Si el intento de conexión al servicio falla, entonces sólo se considera "
"fuera de línea este servicio concreto y el punto final conmutará "
"automáticamente sobre el siguientes servicio. La máquina se considera que "
"sigue en línea y se puede intentar el acceso a otros servicios."
#. type: Content of: <refsect1><refsect2><para>
"The failover mechanism distinguishes between a machine and a service. The "
"back end first tries to resolve the hostname of a given machine; if this "
"resolution attempt fails, the machine is considered offline. No further "
"attempts are made to connect to this machine for any other service. If the "
"resolution attempt succeeds, the back end tries to connect to a service on "
"this machine. If the service connection attempt fails, then only this "
"particular service is considered offline and the back end automatically "
"switches over to the next service. The machine is still considered online "
"and might still be tried for another service."
"El mecanismo de conmutación por error distingue entre una máquina y un "
"servicio. El punto final intenta primero resolver el nombre de host de una "
"máquina dada; si el intento de resolución falla, la máquina es considerada "
"fuera de línea. No se harán más intentos de conexión con esta máquina para "
"ningún otro servicio. Si el intento de resolución tiene éxito, el punto "
"final intenta conectar a un servicio en esa máquina. Si el intento de "
"conexión al servicio falla, entonces sólo se considera fuera de línea este "
"servicio concreto y el punto final conmutará automáticamente sobre el "
"siguientes servicio. La máquina se considera que sigue en línea y se puede "
"intentar el acceso a otros servicios."
#. type: Content of: <refsect1><refsect2><para>
"Further connection attempts are made to machines or services marked as "
"offline after a specified period of time; this is currently hard coded to 30 "
"Los intentos de conexión adicionales son hechos a máquinas o servicios "
"marcaros como fuera de línea después de un período de tiempo especificado; "
"esto está codificado a fuego actualmente en 30 segundos."
#. type: Content of: <refsect1><refsect2><para>
"If there are no more machines to try, the back end as a whole switches to "
"offline mode, and then attempts to reconnect every 30 seconds."
"Si no hay más máquinas para intentarlo, el punto final al completo conmutará "
"al modo fuera de línea y después intentará reconectar cada 30 segundo."
#. type: Content of: <refsect1><refsect2><title>
msgid "Failover time outs and tuning"
#. type: Content of: <refsect1><refsect2><para>
"Resolving a server to connect to can be as simple as running a single DNS "
"query or can involve several steps, such as finding the correct site or "
"trying out multiple host names in case some of the configured servers are "
"not reachable. The more complex scenarios can take some time and SSSD needs "
"to balance between providing enough time to finish the resolution process "
"but on the other hand, not trying for too long before falling back to "
"offline mode. If the SSSD debug logs show that the server resolution is "
"timing out before a live server is contacted, you can consider changing the "
#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
#| msgid "dns_resolver_timeout (integer)"
msgid "dns_resolver_op_timeout"
msgstr "dns_resolver_timeout (entero)"
#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
msgid "How long would SSSD talk to a single DNS server."
#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><term>
#| msgid "dns_resolver_timeout (integer)"
msgid "dns_resolver_timeout"
msgstr "dns_resolver_timeout (entero)"
#. type: Content of: <refsect1><refsect2><para><variablelist><varlistentry><listitem><para>
"How long would SSSD try to resolve a failover service. This service "
"resolution internally might include several steps, such as resolving DNS SRV "
"queries or locating the site."
#. type: Content of: <refsect1><refsect2><para>
#| "All of the common configuration options that apply to SSSD domains also "
#| "apply to LDAP domains. Refer to the <quote>DOMAIN SECTIONS</quote> "
#| "section of the <citerefentry> <refentrytitle>
sssd.conf</refentrytitle> "
#| "<manvolnum>5</manvolnum> </citerefentry> manual page for full details. "
#| "<placeholder type=\"variablelist\" id=\"0\"/>"
"This section lists the available tunables. Please refer to their description "
"in the <citerefentry> <refentrytitle>
sssd.conf</refentrytitle><manvolnum>5</"
"manvolnum> </citerefentry>, manual page. <placeholder type=\"variablelist\" "
"Todas las opciones de configuración comunes que se aplican a los dominios "
"SSSD también se aplican a los dominios LDAP. Vea la sección <quote>DOMAIN "
"SECTIONS</quote> de la página de manual <citerefentry> <refentrytitle>sssd."
"conf</refentrytitle> <manvolnum>5</manvolnum> </citerefentry> para detalles "
"completos. <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <refsect1><refsect2><para>
"For LDAP-based providers, the resolve operation is performed as part of an "
"LDAP connection operation. Thefore, also the <quote>ldap_opt_timeout></"
"quote> timeout should be set to a larger value than "
"<quote>dns_resolver_timeout</quote> which in turn should be set to a larger "
"value than <quote>dns_resolver_op_timeout</quote>."
#. type: Content of: <refsect1><title>
msgstr "ASIGNACIÓN DE ID"
#. type: Content of: <refsect1><para>
"The ID-mapping feature allows SSSD to act as a client of Active Directory "
"without requiring administrators to extend user attributes to support POSIX "
"attributes for user and group identifiers."
"La función asignación de ID permite a SSSD actuar como un cliente de Active "
"Directory sin requerir de administradores para extender los atributos de "
"usuario para soportar atributos POSIX para los identificadores de usuario y "
#. type: Content of: <refsect1><para>
"NOTE: When ID-mapping is enabled, the uidNumber and gidNumber attributes are "
"ignored. This is to avoid the possibility of conflicts between automatically-"
"assigned and manually-assigned values. If you need to use manually-assigned "
"values, ALL values must be manually-assigned."
"NOTA: Cuando asignación de ID está habilitado, los atributos uidNumber y "
"gidNumber son ignorados. Esto es para evitar la posibilidad de conflictos "
"entre los valores automáticamente asignados y los asignados manualmente. Si "
"usted necesita usar los valore asignados manualmente, TODOS los valores "
"deben ser asignados manualmente."
#. type: Content of: <refsect1><para>
"Please note that changing the ID mapping related configuration options will "
"cause user and group IDs to change. At the moment, SSSD does not support "
"changing IDs, so the SSSD database must be removed. Because cached passwords "
"are also stored in the database, removing the database should only be "
"performed while the authentication servers are reachable, otherwise users "
"might get locked out. In order to cache the password, an authentication must "
"be performed. It is not sufficient to use <citerefentry> "
"<refentrytitle>sss_cache</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry> to remove the database, rather the process consists of:"
#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
msgid "Making sure the remote servers are reachable"
#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
msgid "Stopping the SSSD service"
#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
msgid "Removing the database"
#. type: Content of: <refsect1><para><itemizedlist><listitem><para>
msgid "Starting the SSSD service"
#. type: Content of: <refsect1><para>
"Moreover, as the change of IDs might necessitate the adjustment of other "
"system properties such as file and directory ownership, it's advisable to "
"plan ahead and test the ID mapping configuration thoroughly."
#. type: Content of: <refsect1><refsect2><title>
msgid "Mapping Algorithm"
msgstr "Algoritmo de asignación"
#. type: Content of: <refsect1><refsect2><para>
"Active Directory provides an objectSID for every user and group object in "
"the directory. This objectSID can be broken up into components that "
"represent the Active Directory domain identity and the relative identifier "
"(RID) of the user or group object."
"Active Directory suministra un objectSID para cada objeto usuario y grupo en "
"el directorio. El objectSID puede ser dividido en componente que representan "
"la identidad del dominio Active Directory y le identificador relativo (RID) "
"del objeto usuario y grupo."
#. type: Content of: <refsect1><refsect2><para>
"The SSSD ID-mapping algorithm takes a range of available UIDs and divides it "
"into equally-sized component sections - called \"slices\"-. Each slice "
"represents the space available to an Active Directory domain."
"El algoritmo de asignación de ID de SSSD tiene un rango de UIDs disponibles "
"y lo divide en secciones componente de igual tamaño – llamadas “rebanadas” "
"-. Cada rebanada representa el espacio disponible para un dominio Active "
#. type: Content of: <refsect1><refsect2><para>
"When a user or group entry for a particular domain is encountered for the "
"first time, the SSSD allocates one of the available slices for that domain. "
"In order to make this slice-assignment repeatable on different client "
"machines, we select the slice based on the following algorithm:"
"Cuando se encuentra por primera vez una entrada de usuario o grupo para un "
"dominio concreto, SSSD asigna una de las rebanadas disponibles para ese "
"dominio. Con el objetivo de hacer esta asignación de rebanadas repetible "
"sobre diferentes máquinas clientes, seleccionamos la rebanada en base al "
#. type: Content of: <refsect1><refsect2><para>
"The SID string is passed through the murmurhash3 algorithm to convert it to "
"a 32-bit hashed value. We then take the modulus of this value with the total "
"number of available slices to pick the slice."
"La cadena SID pasada a través del algoritmo murmurhash3 para convertirlo en "
"un valor picado de 32 bit. Después tomamos los módulos de este valor con el "
"número total de rebanadas disponibles para recoger la rebanada."
#. type: Content of: <refsect1><refsect2><para>
"NOTE: It is possible to encounter collisions in the hash and subsequent "
"modulus. In these situations, we will select the next available slice, but "
"it may not be possible to reproduce the same exact set of slices on other "
"machines (since the order that they are encountered will determine their "
"slice). In this situation, it is recommended to either switch to using "
"explicit POSIX attributes in Active Directory (disabling ID-mapping) or "
"configure a default domain to guarantee that at least one is always "
"consistent. See <quote>Configuration</quote> for details."
"NOTA: Es posible encontrar colisiones en el picadillo y los módulos "
"subsiguientes. En estas situaciones, seleccionaremos la siguiente rebanada "
"disponible, pero puede no ser posible reproducir los mismos conjuntos "
"exactos de rebanadas sobre otras máquinas (puesto que el orden en que se "
"encuentren desterminará sus rebanadas). En esta situación, se recomienda o "
"bien conmutar para usar los atributos explícitos POSIX en Active Directory "
"(deshabilitando la asignación de ID) o configurar un dominio por defecto "
"para garantizar que al menos uno sea siempre consistente. Vea "
"<quote>Configuración</quote> para detalles."
#. type: Content of: <refsect1><refsect2><para>
#. type: Content of: <refsect1><refsect2><para><programlisting>
"ldap_id_mapping = True\n"
msgstr "ldap_id_mapping = True ldap_schema = ad \n"
#. type: Content of: <refsect1><refsect2><para>
"The default configuration results in configuring 10,000 slices, each capable "
"of holding up to 200,000 IDs, starting from 200,000 and going up to "
"2,000,200,000. This should be sufficient for most deployments."
#. type: Content of: <refsect1><refsect2><refsect3><title>
msgid "Advanced Configuration"
msgstr "Configuración Avanzada"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
msgid "ldap_idmap_range_min (integer)"
msgstr "ldap_idmap_range_min (entero)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"Specifies the lower bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
"Especifica el límite inferior del rango de IDs POXIS a usar para la "
"asignación de SIDs de usuario y grupo de Active Directory."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"NOTE: This option is different from <quote>min_id</quote> in that "
"<quote>min_id</quote> acts to filter the output of requests to this domain, "
"whereas this option controls the range of ID assignment. This is a subtle "
"distinction, but the good general advice would be to have <quote>min_id</"
"quote> be less-than or equal to <quote>ldap_idmap_range_min</quote>"
"NOTA: Esta opción es diferente de <quote>min_id</quote> en esta "
"<quote>min_id</quote> actúa para filtrar la salida de las peticiones a este "
"dominio, mientras esta opción controla el rango de la asignación de ID. Esto "
"es una sutil diferencia, pero el buen consejo general sería que "
"<quote>min_id</quote> fuera menor o igual que <quote>ldap_idmap_range_min</"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
msgstr "Por defecto: 200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
msgid "ldap_idmap_range_max (integer)"
msgstr "ldap_idmap_range_max (entero)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"Specifies the upper bound of the range of POSIX IDs to use for mapping "
"Active Directory user and group SIDs."
"Especifica el límite superior del rango de IDs POXIS a usar para la "
"asignación de SIDs de usuario y grupo por Active Directory."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"NOTE: This option is different from <quote>max_id</quote> in that "
"<quote>max_id</quote> acts to filter the output of requests to this domain, "
"whereas this option controls the range of ID assignment. This is a subtle "
"distinction, but the good general advice would be to have <quote>max_id</"
"quote> be greater-than or equal to <quote>ldap_idmap_range_max</quote>"
"NOTA: Esta opción es diferente de <quote>max_id</quote> en esta "
"<quote>max_id</quote> actúa para filtrar la salida de las peticiones a este "
"dominio, mientras esta opción controla el rango de la asignación de ID. Esto "
"es una sutil diferencia, pero el buen consejo general sería que "
"<quote>max_id</quote> fuera menor o igual que <quote>ldap_idmap_range_max</"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
msgid "Default: 2000200000"
msgstr "Por defecto: 2000200000"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
msgid "ldap_idmap_range_size (integer)"
msgstr "ldap_idmap_range_size (entero)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"Specifies the number of IDs available for each slice. If the range size "
"does not divide evenly into the min and max values, it will create as many "
"complete slices as it can."
"Especifica el número de IDs disponibles para cada rebanada. Si el rango no "
"se divide de forma igual entre los valores mínimo y máximo, creará tantas "
"rebanadas completas como sea posible."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"NOTE: The value of this option must be at least as large as the highest user "
"RID planned for use on the Active Directory server. User lookups and login "
"will fail for any user whose RID is greater than this value."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"For example, if your most recently-added Active Directory user has "
"objectSid=S-1-5-21-2153326666-2176343378-3404031434-1107, "
"<quote>ldap_idmap_range_size</quote> must be at least 1108 as range size is "
"equal to maximal SID minus minimal SID plus one (
e.g. 1108 = 1107 - 0 + 1)."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"It is important to plan ahead for future expansion, as changing this value "
"will result in changing all of the ID mappings on the system, leading to "
"users with different local IDs than they previously had."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
msgid "ldap_idmap_default_domain_sid (string)"
msgstr "ldap_idmap_default_domain_sid (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"Specify the domain SID of the default domain. This will guarantee that this "
"domain will always be assigned to slice zero in the ID map, bypassing the "
"murmurhash algorithm described above."
"Especifica el SID de dominio del dominio por defecto. Esto garantizará que "
"este dominio será asignado siempre a la rebanada cero en el mapa de ID, "
"sobrepasando el algoritmo murmurhash descrito arriba."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
msgid "ldap_idmap_default_domain (string)"
msgstr "ldap_idmap_default_domain (cadena)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
msgid "Specify the name of the default domain."
msgstr "Especifica el nombre del dominio por defecto."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
msgid "ldap_idmap_autorid_compat (boolean)"
msgstr "ldap_idmap_autorid_compat (booleano)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"Changes the behavior of the ID-mapping algorithm to behave more similarly to "
"winbind's <quote>idmap_autorid</quote> algorithm."
"Cambia el comportamiento del algoritmo de asignación de id para que se "
"comporte de un modo más similar al algoritmo <quote>idmap_autorid</quote> de "
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"When this option is configured, domains will be allocated starting with "
"slice zero and increasing monatomically with each additional domain."
"Cuando esta opción está configurada, los dominios serán asignados empezando "
"con la rebanada cero e incrementándose de uno en uno con cada dominio "
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"NOTE: This algorithm is non-deterministic (it depends on the order that "
"users and groups are requested). If this mode is required for compatibility "
"with machines running winbind, it is recommended to also use the "
"<quote>ldap_idmap_default_domain_sid</quote> option to guarantee that at "
"least one domain is consistently allocated to slice zero."
"NOTA: Este algoritmo no es determinista (depende del orden en que usuario y "
"grupos son pedidos). Si se requiere este modo para compatibilidad con "
"máquinas que ejecutan winbind, se recomienda que también use la opción "
"<quote>ldap_idmap_default_domain_sid</quote> para garantizar que al menos un "
"dominio está asignado consistentemente a la rebanada cero."
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><term>
msgid "ldap_idmap_helper_table_size (integer)"
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"Maximal number of secondary slices that is tried when performing mapping "
#. type: Content of: <refsect1><refsect2><refsect3><variablelist><varlistentry><listitem><para>
"Note: Additional secondary slices might be generated when SID is being "
"mapped to UNIX id and RID part of SID is out of range for secondary slices "
"generated so far. If value of ldap_idmap_helper_table_size is equal to 0 "
"then no additional secondary slices are generated."
#. type: Content of: <refsect1><refsect2><title>
#. type: Content of: <refsect1><refsect2><para>
"SSSD supports to look up the names of Well-Known SIDs,
i.e. SIDs with a "
"special hardcoded meaning. Since the generic users and groups related to "
"those Well-Known SIDs have no equivalent in a
Linux/UNIX environment no "
"POSIX IDs are available for those objects."
#. type: Content of: <refsect1><refsect2><para>
"The SID name space is organized in authorities which can be seen as "
"different domains. The authorities for the Well-Known SIDs are"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
msgid "Creator Authority"
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#. type: Content of: <refsect1><refsect2><para><itemizedlist><listitem><para>
#. type: Content of: <refsect1><refsect2><para>
"The capitalized version of these names are used as domain names when "
"returning the fully qualified name of a Well-Known SID."
#. type: Content of: <refsect1><refsect2><para>
"Since some utilities allow to modify SID based access control information "
"with the help of a name instead of using the SID directly SSSD supports to "
"look up the SID by the name as well. To avoid collisions only the fully "
"qualified names can be used to look up Well-Known SIDs. As a result the "
"domain names <quote>NULL AUTHORITY</quote>, <quote>WORLD AUTHORITY</quote>, "
"<quote> LOCAL AUTHORITY</quote>, <quote>CREATOR AUTHORITY</quote>, <quote>NT "
"AUTHORITY</quote> and <quote>BUILTIN</quote> should not be used as domain "
#. type: Content of: <varlistentry><term>
msgid "<option>-?</option>,<option>--help</option>"
msgstr "<option>-?</option>,<option>--help</option>"
#. type: Content of: <varlistentry><listitem><para>
msgid "Display help message and exit."
msgstr "Muestra mensaje de ayuda y sale."
#. type: Content of: <varlistentry><term>
msgid "<option>-h</option>,<option>--help</option>"
msgstr "<option>-h</option>,<option>--help</option>"
#. type: Content of: <listitem><para>
"SSSD supports two representations for specifying the debug level. The "
"simplest is to specify a decimal value from 0-9, which represents enabling "
"that level and all lower-level debug messages. The more comprehensive option "
"is to specify a hexadecimal bitmask to enable or disable specific levels "
"(such as if you wish to suppress a level)."
#. type: Content of: <listitem><para>
"Please note that each SSSD service logs into its own log file. Also please "
"note that enabling <quote>debug_level</quote> in the <quote>[sssd]</quote> "
"section only enables debugging just for the sssd process itself, not for the "
"responder or provider processes. The <quote>debug_level</quote> parameter "
"should be added to all sections that you wish to produce debug logs from."
#. type: Content of: <listitem><para>
"In addition to changing the log level in the config file using the "
"<quote>debug_level</quote> parameter, which is persistent, but requires SSSD "
"restart, it is also possible to change the debug level on the fly using the "
"<citerefentry> <refentrytitle>sss_debuglevel</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry> tool."
#. type: Content of: <listitem><para>
msgid "Currently supported debug levels:"
msgstr "Niveles de depuración actualmente soportados:"
#. type: Content of: <listitem><para>
"<emphasis>0</emphasis>, <emphasis>0x0010</emphasis>: Fatal failures. "
"Anything that would prevent SSSD from starting up or causes it to cease "
#. type: Content of: <listitem><para>
"<emphasis>1</emphasis>, <emphasis>0x0020</emphasis>: Critical failures. An "
"error that doesn't kill SSSD, but one that indicates that at least one major "
"feature is not going to work properly."
#. type: Content of: <listitem><para>
"<emphasis>2</emphasis>, <emphasis>0x0040</emphasis>: Serious failures. An "
"error announcing that a particular request or operation has failed."
#. type: Content of: <listitem><para>
"<emphasis>3</emphasis>, <emphasis>0x0080</emphasis>: Minor failures. These "
"are the errors that would percolate down to cause the operation failure of 2."
#. type: Content of: <listitem><para>
"<emphasis>4</emphasis>, <emphasis>0x0100</emphasis>: Configuration settings."
#. type: Content of: <listitem><para>
msgid "<emphasis>5</emphasis>, <emphasis>0x0200</emphasis>: Function data."
#. type: Content of: <listitem><para>
"<emphasis>6</emphasis>, <emphasis>0x0400</emphasis>: Trace messages for "
#. type: Content of: <listitem><para>
"<emphasis>7</emphasis>, <emphasis>0x1000</emphasis>: Trace messages for "
"internal control functions."
#. type: Content of: <listitem><para>
"<emphasis>8</emphasis>, <emphasis>0x2000</emphasis>: Contents of function-"
"internal variables that may be interesting."
#. type: Content of: <listitem><para>
"<emphasis>9</emphasis>, <emphasis>0x4000</emphasis>: Extremely low-level "
#. type: Content of: <listitem><para>
"To log required bitmask debug levels, simply add their numbers together as "
"shown in following examples:"
#. type: Content of: <listitem><para>
"<emphasis>Example</emphasis>: To log fatal failures, critical failures, "
"serious failures and function data use 0x0270."
"<emphasis>Ejemplo</emphasis>: Para registrar fallos fatales, críticos y "
"serios y datos de función use 0x0270."
#. type: Content of: <listitem><para>
"<emphasis>Example</emphasis>: To log fatal failures, configuration settings, "
"function data, trace messages for internal control functions use 0x1310."
"<emphasis>Example</emphasis>: Para registrar fallos fatales, ajustes de "
"configuración, datos de función, mensajes de traza para funciones de control "
#. type: Content of: <listitem><para>
"<emphasis>Note</emphasis>: The bitmask format of debug levels was introduced "
#. type: Content of: <listitem><para>
msgid "<emphasis>Default</emphasis>: 0"
#. type: Content of: outside any tag (error?)
"
SSSD/sssd/ to report any issues. </emphasis>"
#. type: Content of: <refsect1><title>
msgstr "EL DOMINIO LOCAL"
#. type: Content of: <refsect1><para>
"In order to function correctly, a domain with <quote>id_provider=local</"
"quote> must be created and the SSSD must be running."
"Con el objetivo de que funcione correctamente, se debe crear un dominio con "
"<quote>id_provider=local</quote> y el SSSD debe estar corriendo."
#. type: Content of: <refsect1><para>
"The administrator might want to use the SSSD local users instead of "
"traditional UNIX users in cases where the group nesting (see <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</manvolnum> </"
"citerefentry>) is needed. The local users are also useful for testing and "
"development of the SSSD without having to deploy a full remote server. The "
"<command>sss_user*</command> and <command>sss_group*</command> tools use a "
"local LDB storage to store users and groups."
"El administrador puede desear usar los usuarios locales SSSD en lugar de los "
"usuarios tradicionales UNIX en los casos donde los grupos anidados (vea "
"<citerefentry> <refentrytitle>sss_groupadd</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>) sean necesarios. Los usuarios locales son "
"también útiles para la prueba y el desarrollo del SSSD sin tener que "
"desplegar un servidor remoto completo. Las herramientas <command>sss_user*</"
"command> y <command>sss_group*</command> usan un almacenamiento LDB local "
"para almacenar usuarios y grupos."
#. type: Content of: <refsect1><para>
"<citerefentry> <refentrytitle>sssd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>
sssd.conf</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd-ldap</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd-krb5</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd-simple</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd-ipa</"
"refentrytitle><manvolnum>5</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sssd-ad</refentrytitle><manvolnum>5</manvolnum> </"
"citerefentry>, <phrase condition=\"with_sudo\"> <citerefentry> "
"<refentrytitle>sssd-sudo</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>, </phrase> <phrase condition=\"with_secrets\"> <citerefentry> "
"<refentrytitle>sssd-secrets</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry>, </phrase> <citerefentry> <refentrytitle>sssd-session-"
"recording</refentrytitle> <manvolnum>5</manvolnum> </citerefentry>, "
"<citerefentry> <refentrytitle>sss_cache</refentrytitle><manvolnum>8</"
"manvolnum> </citerefentry>, <citerefentry> <refentrytitle>sss_debuglevel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupadd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_groupshow</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_groupmod</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_useradd</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_userdel</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_usermod</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sss_obfuscate</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_seed</refentrytitle><manvolnum>8</manvolnum> </"
"citerefentry>, <citerefentry> <refentrytitle>sssd_krb5_locator_plugin</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>, <phrase condition="
"\"with_ssh\"> <citerefentry> <refentrytitle>sss_ssh_authorizedkeys</"
"refentrytitle> <manvolnum>8</manvolnum> </citerefentry>, <citerefentry> "
"<refentrytitle>sss_ssh_knownhostsproxy</refentrytitle> <manvolnum>8</"
"manvolnum> </citerefentry>, </phrase> <phrase condition=\"with_ifp\"> "
"<citerefentry> <refentrytitle>sssd-ifp</refentrytitle> <manvolnum>5</"
"manvolnum> </citerefentry>, </phrase> <citerefentry> <refentrytitle>pam_sss</"
"refentrytitle><manvolnum>8</manvolnum> </citerefentry>. <citerefentry> "
"<refentrytitle>sss_rpcidmapd</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> <phrase condition=\"with_stap\"> <citerefentry> "
"<refentrytitle>sssd-systemtap</refentrytitle> <manvolnum>5</manvolnum> </"
"citerefentry> </phrase>"
#. type: Content of: <listitem><para>
"An optional base DN, search scope and LDAP filter to restrict LDAP searches "
"for this attribute type."
"Una base DN opcional, alcance de la búsqueda y filtro LDAP para búsquedas "
"LDAP de este tipo de atributo."
#. type: Content of: <listitem><para><programlisting>
msgid "search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
"search_base[?scope?[filter][?search_base?scope?[filter]]*]\n"
#. type: Content of: <listitem><para>
msgid "syntax: <placeholder type=\"programlisting\" id=\"0\"/>"
msgstr "sintaxis: <placeholder type=\"programlisting\" id=\"0\"/>"
#. type: Content of: <listitem><para>
"The scope can be one of \"base\", \"onelevel\" or \"subtree\". The scope "
#. type: Content of: <listitem><para>
"For examples of this syntax, please refer to the <quote>ldap_search_base</"
"quote> examples section."
"Para ejemplos de esta sintaxis, por favor vea la sección de ejemplos de "
"<quote>ldap_search_base</quote>"
#. type: Content of: <listitem><para>
"Please note that specifying scope or filter is not supported for searches "
"against an Active Directory Server that might yield a large number of "
"results and trigger the Range Retrieval extension in the response."
"Por favor advierta que especificar el alcance o el filtro no está soportado "
"para búsquedas contra un Active Directory Server que puede ceder un gran "
"número de resultados y disparar la extensión Range Retrieval en la respuesta."
#. type: Content of: <para>
"Please note that the automounter only reads the master map on startup, so if "
"any autofs-related changes are made to the
sssd.conf, you typically also "
"need to restart the automounter daemon after restarting the SSSD."
"Por favor advierta que el automontador sólo lee el mapa maestro en el "
"arranque, se modo que si se hace cualquier cambio relacionado con autofs al "
"
sssd.conf, usted normalmente también necesitará reiniciar el demonio "
"automontador después de reiniciar el SSSD."
#. type: Content of: <varlistentry><term>
msgid "override_homedir (string)"
msgstr "override_homedir (cadena)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgstr "nombre de dominio"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "fully qualified user name (user@domain)"
msgstr "nombre totalmente cualificado del usuario (user@domain)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "The first letter of the login name."
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "UPN - User Principal Name (name@REALM)"
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "The original home directory retrieved from the identity provider."
msgstr "El directorio home original recuperado del proveedor de identidad."
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><term>
#. type: Content of: <varlistentry><listitem><para><variablelist><varlistentry><listitem><para>
msgid "The value of configure option <emphasis>homedir_substring</emphasis>."
#. type: Content of: <varlistentry><listitem><para>
"Override the user's home directory. You can either provide an absolute value "
"or a template. In the template, the following sequences are substituted: "
"<placeholder type=\"variablelist\" id=\"0\"/>"
"Anula el directorio home del usuario. Usted puede suministras bien un valor "
"absoluto o una plantilla. En la plantilla, serán sustituidas las siguientes "
"secuencias: <placeholder type=\"variablelist\" id=\"0\"/>"
#. type: Content of: <varlistentry><listitem><para><programlisting>
"override_homedir = /home/%u\n"
#. type: Content of: <varlistentry><listitem><para>
msgid "Default: Not set (SSSD will use the value retrieved from LDAP)"
msgstr "Por defecto: No fijado (SSSD usará el valor recuperado desde LDAP)"
#. type: Content of: <varlistentry><term>
msgid "homedir_substring (string)"
#. type: Content of: <varlistentry><listitem><para>
"The value of this option will be used in the expansion of the "
"<emphasis>override_homedir</emphasis> option if the template contains the "
"format string <emphasis>%H</emphasis>. An LDAP directory entry can directly "
"contain this template so that this option can be used to expand the home "
"directory path for each client machine (or operating system). It can be set "
"per-domain or globally in the [nss] section. A value specified in a domain "
"section will override one set in the [nss] section."
#. type: Content of: <varlistentry><listitem><para>
#. type: Content of: <refsect1><title>
msgid "MODIFIED DEFAULT OPTIONS"
#. type: Content of: <refsect1><para>
"Certain option defaults do not match their respective backend provider "
"defaults, these option names and AD provider-specific defaults are listed "
#. type: Content of: <refsect1><refsect2><title>
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "krb5_validate = true"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "krb5_use_enterprise_principal = true"
#. type: Content of: <refsect1><refsect2><title>
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_force_upper_case_realm = true"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_id_mapping = true"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_sasl_mech = gssapi"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_referrals = false"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_account_expire_policy = ad"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_use_tokengroups = true"
#. type: Content of: <refsect1><para>
"Certain option defaults do not match their respective backend provider "
"defaults, these option names and IPA provider-specific defaults are listed "
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "krb5_use_fast = try"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "krb5_canonicalize = true"
#. type: Content of: <refsect1><refsect2><title>
msgid "LDAP Provider - General"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_schema = ipa_v1"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_sasl_mech = GSSAPI"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_sasl_minssf = 56"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_account_expire_policy = ipa"
#. type: Content of: <refsect1><refsect2><title>
msgid "LDAP Provider - User options"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_user_member_of = memberOf"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_user_uuid = ipaUniqueID"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_user_ssh_public_key = ipaSshPubKey"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_user_auth_type = ipaUserAuthType"
#. type: Content of: <refsect1><refsect2><title>
msgid "LDAP Provider - Group options"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_object_class = ipaUserGroup"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_object_class_alt = posixGroup"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_member = member"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_uuid = ipaUniqueID"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_objectsid = ipaNTSecurityIdentifier"
#. type: Content of: <refsect1><refsect2><itemizedlist><listitem><para>
msgid "ldap_group_external_member = ipaExternalMember"
#~ "Determines if a domain can be enumerated. This parameter can have one of "
#~ "the following values:"
#~ "Determina si un dominio puede ser enumerado. Este parámetro puede tener "
#~ "uno de los siguientes valores:"
#~ "<command>sss_debuglevel</command> changes debug level of SSSD monitor and "
#~ "providers to <replaceable>NEW_DEBUG_LEVEL</replaceable> while SSSD is "
#~ "<command>sss_debuglevel</command> cambia el nivel de depuración del "
#~ "monitor y proveedores SSSD a <replaceable>NEW_DEBUG_LEVEL</replaceable> "
#~ "mientras SSSD está corriendo."
#~ msgid "<replaceable>NEW_DEBUG_LEVEL</replaceable>"
#~ msgstr "<replaceable>NEW_DEBUG_LEVEL</replaceable>"